RE: [dss] Authentication Token

["Nick Pope" <pope@secstan.com>]

Trevor, Ed, et al

I have a slight preference for different name for the two elements as Trevor
suggests.  Though I would find either acceptable.

Also, keeping with current saml:NameIdentifierType syntax is fine, just
wanted to check that this has no hidden gotcha.

Nick

> -----Original Message-----
> From: Trevor Perrin [mailto:trevp@trevp.net]
> Sent: 28 October 2004 07:17
> To: dss@lists.oasis-open.org
> Subject: RE: [dss] Authentication Token
>
>
> At 12:46 PM 10/27/2004 -0400, Ed Shallow wrote:
> >[...]
> >     I do not think that the subtle semantic difference between
> > ClaimedIdentity (now with SupportingInfo) and RequesterIdentity (always
> > had SupportingInfo) is worth distinct and separate naming.
>
> I like your previous proposal better.  RequesterIdentity and
> ClaimedIdentity have pretty different functions:
>   - RequesterIdentity goes in signature, says "this guy requested the
> signature be produced (and here's other public info about him)"
>   - ClaimedIdentity goes in protocol, says "I'm requesting a signature be
> produced (and here's other data about me which proves my identity and
> proves I assent to this request"
>
> The supporting info has very different roles - in the 1st case,
> it's public
> (e.g. a certificate), in the latter case, it may be private and
> tied to the
> protocol request (e.g. a signature, PSTP signature, MAC, etc.).
>
> So I think making the structures similar but not identical, like
> you first
> proposed, is the best approach.
>
> Trevor
>
>
> To unsubscribe from this mailing list (and be removed from the
> roster of the OASIS TC), go to
> http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_wor
> kgroup.php.
>
>
>