Subject: holder-of-key subject confirmation
Consider the following sequence of protocol exchanges:

1. A user self-queries an IdP for attributes, authenticating with an X.509 certificate (C1).
2. The IdP issues a signed attribute assertion, binding the user's certificate to a holder-of-key <SubjectConfirmation> element.
3. The user presents the signed attribute assertion to a relying party, authenticating with a different X.509 certificate (C2).

If the RP can verify that the subject names in C1 and C2 are the same, can the RP conclude that the subject is confirmed?

Thanks,
Tom
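
The two comparisons the question contrasts, side by side, as an added example that is not part of the original message: matching the subject name carried in the holder-of-key KeyInfo versus matching the bound certificate itself. It assumes SAML 2.0 namespaces and the SAML 2.0 holder-of-key method URI; the certificate bytes, the subject DN and the function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"

# Constructed stand-ins for DER certificates (not real DER): the two
# certificates share a subject name but differ byte for byte.
C1_DER = b"constructed-cert-C1"
C2_DER = b"constructed-cert-C2"
SUBJECT_DN = "CN=Example User,O=Example Org"

def build_subject(cert_der, subject_dn):
    """Build a constructed <saml:Subject> binding cert_der via holder-of-key."""
    b64 = base64.b64encode(cert_der).decode()
    return (
        f'<saml:Subject xmlns:saml="{NS["saml"]}" xmlns:ds="{NS["ds"]}">'
        f'<saml:SubjectConfirmation Method="{HOK}"><saml:SubjectConfirmationData>'
        f'<ds:KeyInfo><ds:X509Data>'
        f'<ds:X509SubjectName>{subject_dn}</ds:X509SubjectName>'
        f'<ds:X509Certificate>{b64}</ds:X509Certificate>'
        f'</ds:X509Data></ds:KeyInfo>'
        f'</saml:SubjectConfirmationData></saml:SubjectConfirmation></saml:Subject>'
    )

def bound_key_info(subject_xml):
    """Return (subject_dn, cert_der) from the first holder-of-key confirmation."""
    root = ET.fromstring(subject_xml)
    for sc in root.findall("saml:SubjectConfirmation", NS):
        if sc.get("Method") != HOK:
            continue  # bearer / sender-vouches carry no key binding
        x509 = sc.find("saml:SubjectConfirmationData/ds:KeyInfo/ds:X509Data", NS)
        if x509 is None:
            continue
        dn = x509.findtext("ds:X509SubjectName", namespaces=NS)
        cert = x509.findtext("ds:X509Certificate", namespaces=NS)
        return dn, (base64.b64decode(cert) if cert else None)
    return None, None

def compare(subject_xml, presented_der, presented_dn):
    """Run both checks against the credential presented to the RP.

    presented_dn is passed in because the stand-in bytes cannot be parsed;
    a real RP would read it from the presented certificate. String equality
    on DNs is a simplification, and comparing whole certificates is stricter
    than comparing only the public key, which would need a DER parser.
    """
    dn, cert = bound_key_info(subject_xml)
    return {"name_match": dn is not None and dn == presented_dn,
            "cert_match": cert is not None and cert == presented_der}
```

With the assertion bound to C1, presenting C2 under the same subject name passes the name comparison and fails the certificate comparison, which is the situation the question describes.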