Subject: RE: [saml-dev] holder-of-key subject confirmation
> Okay, but why can't I draw the same conclusion about the name?

I'm trying to say that you can, but that you:

- can't do so *safely* absent other constraints
- *can* do so EVEN IF the KeyInfo contains a certificate as well

In other words, SAML does NOT profile KeyInfo, never has, and until we do (for some purpose, e.g. metadata), you're free to do anything you can sensibly argue to your deployment base makes sense, but should think it through.

When I said, snarkily, not in my book, I was referring to me as a deployer, essentially.

> If <KeyInfo> contains a key, the RP confirms the subject if the presenter
> proves possession of the key. If <KeyInfo> contains a name, the RP
> confirms the subject if the presenter proves itself to be the named
> subject.

Not true. In both cases you must prove possession of a key. The difference is in how the key is identified by the IdP, and that is simply an unprofiled hook.

But in most cases I've seen, using subject name is interpreted to mean "presents a certificate from a trusted source containing that name". Which is why I'm saying "sure, you can do that, but you absolutely need the additional constraint of what sources are trusted".

As an example, the language you use above implies I could satisfy holder of key by logging into the RP with a password that matches an account with that subject name. I would claim that's a pretty clear distortion of the intent behind HoK.

-- Scott
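To make the distinction concrete, here is an added example (my own, not code from the thread or from any SAML implementation): a relying-party check that treats a KeyInfo carrying an X509Certificate as identifying the key directly, and a KeyInfo carrying only an X509SubjectName as usable only together with a trusted-issuer constraint; the assertion text, the names and the PresentedCert structure are all constructed for illustration, and no real signature or TLS handshake is run.

```python
# Holder-of-key subject confirmation: the presenter must always prove
# possession of a key; KeyInfo only decides how that key is identified.
import xml.etree.ElementTree as ET
from dataclasses import dataclass

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"

@dataclass
class PresentedCert:
    """Certificate the presenter proved possession of (e.g. TLS client auth).
    Constructed placeholder, not a real certificate."""
    cert_b64: str       # base64 DER as it would appear in <ds:X509Certificate>
    subject_name: str
    issuer: str

def hok_confirmed(assertion_xml, presented, trusted_issuers):
    """True if the presenter satisfies the assertion's HoK confirmation.
    presented is None when the presenter authenticated without a key
    (e.g. a password): that never satisfies HoK, whatever KeyInfo says."""
    if presented is None:
        return False
    root = ET.fromstring(assertion_xml)
    for sc in root.findall(".//saml:SubjectConfirmation", NS):
        if sc.get("Method") != HOK:
            continue
        ki = sc.find("saml:SubjectConfirmationData/ds:KeyInfo", NS)
        if ki is None:
            continue
        cert = ki.findtext("ds:X509Data/ds:X509Certificate", namespaces=NS)
        if cert is not None:
            # Key identified directly: the proven certificate must match exactly.
            if "".join(cert.split()) == presented.cert_b64:
                return True
            continue
        name = ki.findtext("ds:X509Data/ds:X509SubjectName", namespaces=NS)
        if name is not None:
            # Key identified only by name: the deployment must also say which
            # issuers may vouch for that name, otherwise the check is unsafe.
            if presented.subject_name == name and presented.issuer in trusted_issuers:
                return True
    return False

def assertion_with(x509_data_inner):
    """Constructed assertion carrying one HoK SubjectConfirmation."""
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}" xmlns:ds="{NS["ds"]}">'
            f'<saml:Subject><saml:NameID>alice</saml:NameID>'
            f'<saml:SubjectConfirmation Method="{HOK}"><saml:SubjectConfirmationData>'
            f'<ds:KeyInfo><ds:X509Data>{x509_data_inner}</ds:X509Data></ds:KeyInfo>'
            f'</saml:SubjectConfirmationData></saml:SubjectConfirmation></saml:Subject>'
            f'</saml:Assertion>')
```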