OASIS Mailing List Archives

saml-dev message



Subject: RE: [saml-dev] extending SubjectLocality


 

 
> On 2/2/07, Cahill, Conor P <conor.p.cahill@intel.com> wrote:
> >
> > Are you trying to say that the Authentication took place from a system
> > in the US or are you trying to say that the user is in the US?
>
> Hmm, since the country code is a function of the IP address, isn't this
> a given?  The IP address is that of the authenticated principal
> (according to the spec) so it follows that the country is that of the
> authentication principal as well, right?

The locality specifies the domain name and IP address for
the *system from which the assertion subject apparently
authenticated*.  It's about where the authentication came from
and not about the subject itself.  Hence why it's in the
Authentication statement.

If you're trying to make the same kind of statement
(e.g.  "that the system from which the assertion subject 
apparently authenticated is in the US") then it should
go in the AuthnStatement.

If, on the other hand, you're trying to say that the
Subject is in the US,  then you should use an 
attribute statement.  Whether or not you can make this
latter statement is a different matter.

Conor
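
The distinction drawn in the message above, shown as an added example that is not part of the original post or thread: a relying party reads the authentication origin from `SubjectLocality` inside the `AuthnStatement` and reads claims about the subject from the `AttributeStatement`, and keeps the two apart. It assumes SAML 2.0 element and attribute names; the sample assertion, its addresses and host names, and the use of `urn:oid:2.5.4.6` (X.500 country name) as the subject's country attribute are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not from the thread). Signature omitted: a relying
# party must validate the signature before trusting any value read here.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2007-02-02T12:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:AuthnStatement AuthnInstant="2007-02-02T11:59:00Z">
    <saml:SubjectLocality Address="192.0.2.10" DNSName="kiosk.example.net"/>
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:2.5.4.6"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue>DE</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def authn_origins(root):
    """System each authentication apparently came from (AuthnStatement)."""
    origins = []
    for stmt in root.findall("saml:AuthnStatement", NS):
        loc = stmt.find("saml:SubjectLocality", NS)  # optional element
        origins.append({
            "address": loc.get("Address") if loc is not None else None,
            "dns_name": loc.get("DNSName") if loc is not None else None,
        })
    return origins

def subject_attributes(root):
    """Claims about the subject itself (AttributeStatement)."""
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def read_claims(xml_text):
    root = ET.fromstring(xml_text)
    return {"authn_origins": authn_origins(root),
            "subject": subject_attributes(root)}
```

In the sample the authentication origin and the subject's country attribute are independent values, so an access decision based on "where the user is" should name which of the two it is consuming.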

