[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] NameID-less SAML Subject
> I think the conclusion is that bearer SubjectConfirmation doesn't > strictly require a NameID. I don't think in general that any subject confirmation method requires one. Confirmation is normally considering a case where somebody directly presents the assertion along with some proof of legitmacy (in the case of bearer possibly only the time of presentation, a client address, etc.). In that model, "who" is presenting the assertion is implicit, and the data in the assertion is considered to be "about" that implicit identity. The NameID is simply one means of passing one type of such data. Attributes are another. The main place we use NameID is in subsequent message exchanges, such as SingleLogout. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]