
saml-dev message



Subject: RE: [saml-dev] NameID-less SAML Subject


> I think the conclusion is that bearer SubjectConfirmation doesn't
> strictly require a NameID.

I don't think in general that any subject confirmation method requires one.
Confirmation is normally considering a case where somebody directly presents
the assertion along with some proof of legitimacy (in the case of bearer
possibly only the time of presentation, a client address, etc.).

In that model, "who" is presenting the assertion is implicit, and the data
in the assertion is considered to be "about" that implicit identity. The
NameID is simply one means of passing one type of such data. Attributes are
another.

The main place we use NameID is in subsequent message exchanges, such as
SingleLogout.

-- Scott



