[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] extending SubjectLocality
> On 2/2/07, Cahill, Conor P <conor.p.cahill@intel.com> wrote: > > > > Are you trying to say that the Authentication took place > from a system > > in the US or are you trying to say that the user is in the US? > > Hmm, since the country code is a function of the IP address, > isn't this a given? The IP address is that of the > authenticated principal (according to the spec) so it follows > that the country is that of the authentication principal as > well, right? The locality specifies the domain name and IP address for the *system from which the assertion subject apparently authenticated*. It's about where the authentication came from and not about the subject itself. Hence why it's in the Authntication statement. If you're trying to make the same kind of statement (e.g. "that the system from which the assertion subject apparantely authenticated is in the US") then it should go in the AuthnStatement. If, on the other hand, you're trying to say that the Subject is in the US, then you should use an attribute statement. Whether or not you can make this latter statement is a different matter. Conor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]