[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] extending SubjectLocality
On 2/2/07, Cahill, Conor P <conor.p.cahill@intel.com> wrote: > > The locality specifies the domain name and IP address for > the *system from which the assertion subject apparently > authenticated*. It's about where the authentication came from > and not about the subject itself. Conor, I'm having a hard time understanding the distinction you're trying to make. Can you give an example that illustrates your point? > If you're trying to make the same kind of statement > (e.g. "that the system from which the assertion subject > apparantely authenticated is in the US") then it should > go in the AuthnStatement. Since the country is determined by the IP address, I'm pretty sure this is the correct interpretation. However, I'm not sure how to include the country code in a SAML V2.0 AuthnStatement, let alone a SAML V1.1 AuthenticationStatement (hence, my original post). > If, on the other hand, you're trying to say that the > Subject is in the US, then you should use an > attribute statement. Whether or not you can make this > latter statement is a different matter. Conor, I don't know what you mean by "Subject is in the US." Do you mean that the Subject is a resident of the US (by some definition of "resident")? Thanks, Tom
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]