Subject: Subject confirmation.
Hi,
I'm trying to understand the data associated with the Subject called the SubjectConfirmation.
I'm a little bit confused about the meaning of this data.
The SubjectConfirmation is data sent to the SP by the asserting party (IDP), so far so good.
Now the thing I don't understand is the following:
Is this data meant to let the SP determine that the Subject in the assertion is actually the subject? (sorry about the word game)
Or is this data meant to let the SP determine that the IDP that issued the Assertion is associated with the Subject?
This is what the SAMLProf spec says about this data:
The element SHOULD be used by the relying party to confirm that the request or message came from a system entity that is associated with the subject of the assertion,
Also, I didn't get the point of some of the examples included:
In the holder-of-key case, the spec says:
The holder of a specified key is considered to be the subject of the assertion by the asserting party.
<SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
  <SubjectConfirmationData xsi:type="saml:KeyInfoConfirmationDataType">
    <ds:KeyInfo>
      <ds:KeyName>By-Tor</ds:KeyName>
    </ds:KeyInfo>
    <ds:KeyInfo>
      <ds:KeyName>Snow Dog</ds:KeyName>
    </ds:KeyInfo>
  </SubjectConfirmationData>
</SubjectConfirmation>
and the example ends by saying that the holder of those keys can confirm itself as a subject.
Now I'm trying to understand what the SP is supposed to do.
Would it try to understand whether the User trying to access its resources has those keys?
Can anyone help with this?
Regards
Giuseppe.