
saml-dev message



Subject: RE: [saml-dev] Destination vs. Recipient and signing of Assertion vs. Response


> My main misunderstanding was the description of SubjectConfirmation in
> SAML-core. After reading your answers to my questions, I think I can
> understand it now. For the Web SSO Profile with mandatory Recipient,
> it's basically saying "I the asserting party am making an assertion
> about Subject A, but my relationship to Subject A -- including my
> ability to make assertions for him -- can only be relied upon by
> Recipient B. No one else should rely upon this relationship."
> 
> Does my paraphrasing make sense?

Sort of, but that ignores the other security operation underlying the
profile. It's not who can rely on the assertion, it's who can present it and
under what circumstances. In the case of bearer, that includes the location,
IP address, and time.

But note that's a location, not an identity. (The identity of the relying
party is in the Audience.)

-- Scott
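
Added example, not part of the original message: a relying-party check that keeps the two notions from the reply apart, with the bearer confirmation data (Recipient location, Address, NotOnOrAfter) governing presentation and Audience naming the relying party's identity. The function name, URLs, entity ID and IP address are constructed for illustration, and the assertion's signature is assumed to have been verified before this runs.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed sample assertion; every URL, entity ID and address is made up.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://sp.example.org/saml/acs"
          Address="192.0.2.10" NotOnOrAfter="2030-01-01T00:05:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.org/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def check_bearer(xml_text, acs_url, entity_id, client_ip, now):
    """Return the names of failed checks; an empty list means acceptable."""
    root = ET.fromstring(xml_text)  # assumption: signature already verified
    errors = []
    # Audience: the identity (entityID) of the relying party.
    restrictions = root.findall(".//saml:AudienceRestriction", NS)
    named = [[(a.text or "").strip() for a in r.findall("saml:Audience", NS)]
             for r in restrictions]
    if not named or not all(entity_id in audiences for audiences in named):
        errors.append("audience")
    # Bearer confirmation: where, from which address and until when the
    # assertion may be presented. Only the first bearer entry is examined.
    data = [sc.find("saml:SubjectConfirmationData", NS)
            for sc in root.findall(".//saml:SubjectConfirmation", NS)
            if sc.get("Method") == BEARER]
    data = [d for d in data if d is not None]
    if not data:
        return errors + ["no-bearer-confirmation"]
    d = data[0]
    if d.get("Recipient") != acs_url:          # a location, not an identity
        errors.append("recipient")
    if d.get("Address") is not None and d.get("Address") != client_ip:
        errors.append("address")
    expiry = d.get("NotOnOrAfter")
    if expiry is None or now >= datetime.fromisoformat(expiry.replace("Z", "+00:00")):
        errors.append("not-on-or-after")
    return errors
```

Pass `now` as a timezone-aware UTC datetime; each returned name identifies which condition the presentation failed.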



