Subject: Authentication of Claimed Identity
Can I suggest the following change to the description of claimed identity so that it matches the description in requester identity. Also, the example provided is confusing (e.g. what is the digital signature against? How does this differ from an input signature?).

The new text in 2.8.2 <claimedidentity> currently states:

"The <ClaimedIdentity> element indicates the identity of the client who is making a request. The server may use this to parameterize any aspect of its processing. Profiles that make use of this element MUST define its semantics.

The <SupportingInfo> child element can be used by profiles to carry information related to the clients identity. One use of <SupportingInfo> is to carry a digital signature or other data that authenticates the request as originating from the client identity. Client authentication may also be handled by the security binding, according to section 6. Regardless of whether client authentication is performed through the security binding or through <SupportingInfo>, the server MUST check that the asserted <Name> matches the client authentication before relying upon the <Name>."

5.2 <RequesterIdentity> currently states:

"This section contains the definition of an XML Requester Identity element. This element can be used as a signature property in an XML signature to identify the client who requested the signature.

This element has the following children:

Name [Required]
    The name or role of the requester who requested the signature be performed.

SupportingInfo [Optional]
    Information supporting the name (such as a SAML Assertion [SAMLCore1.1], Liberty Alliance Authentication Context, or X.509 Certificate)."

-----

I suggest that 2.8.2 is changed to read:

"The <ClaimedIdentity> element indicates the identity of the client who is making a request. The server may use this to parameterize any aspect of its processing. Profiles that make use of this element MUST define its semantics.

This element has the following children:

Name [Required]
    The name or role of the requester who requests the signature be performed.

SupportingInfo [Optional]
    Information supporting the name (such as a SAML Assertion [SAMLCore1.1], Liberty Alliance Authentication Context, or X.509 Certificate).

The claimed identity may be authenticated using the security binding, according to section 6, or using authentication information provided in the <SupportingInfo> element. The server MUST check that the asserted <Name> is authenticated before relying upon the <Name>."

Nick
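
A sketch of the server-side check that both versions of the text require, added here as an example and not taken from the message or from the specification. The namespace URI, the sample element and the function names are constructed; how the binding or the <SupportingInfo> contents are verified is left to the profile, so the already-verified identities are passed in as assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample; the namespace URI is a placeholder, not the real schema URI.
SAMPLE = """<ClaimedIdentity xmlns="urn:example:dss-sketch">
  <Name>CN=alice,O=Example</Name>
  <SupportingInfo/>
</ClaimedIdentity>"""


class IdentityNotAuthenticated(Exception):
    """The asserted Name must not be relied upon."""


def _local(tag):
    # Strip the "{namespace}" prefix ElementTree puts on tag names.
    return tag.rsplit("}", 1)[-1]


def claimed_name(xml_text):
    """Extract the single required <Name> child of <ClaimedIdentity>."""
    root = ET.fromstring(xml_text)
    if _local(root.tag) != "ClaimedIdentity":
        raise ValueError("not a ClaimedIdentity element")
    names = [c for c in root if _local(c.tag) == "Name"]
    if len(names) != 1 or not (names[0].text or "").strip():
        raise ValueError("exactly one non-empty Name is required")
    return names[0].text.strip()


def relied_upon_name(xml_text, binding_identity=None, supporting_info_identity=None):
    """Return the asserted Name only if it is authenticated.

    binding_identity: identity the server already verified through the
        security binding (assumption: e.g. a client certificate subject).
    supporting_info_identity: identity the server obtained by verifying the
        <SupportingInfo> contents (assumption: profile-specific).
    Exact string comparison is an assumption; a profile must define matching.
    """
    name = claimed_name(xml_text)
    verified = [i for i in (binding_identity, supporting_info_identity) if i is not None]
    if not verified:
        # Fail closed: an unauthenticated Name is only a claim.
        raise IdentityNotAuthenticated("no client authentication was performed")
    if any(i != name for i in verified):
        raise IdentityNotAuthenticated("asserted Name does not match authenticated identity")
    return name
```
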