OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [saml-dev] Subject in the AuthRequest.

Title: Subject in the AuthRequest.
 

"The IdP needs to consider whether or not the requestor is allowed to specify its own key." 
Just to be clear, by this I was trying to say that the IDP will probably use other information (perhaps in the invocation context of the request) to determine if it accepts the request from the requestor..
If from I guess its policies the IDP allow the key, would then build an assertion (after authentication) with the same subject+confirmation as specified in the request (is this a MUST/MAY or SHOULD)? 

If the IdP returns a positive response to the requestor, it MUST include the key in the assertion.  If, perhaps for some policy reason, it thinks that it cannot use the specified key, it would have to return an error.

Conor 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]