Subject: empty <ds:X509Certificate/> element?
I'd like to include a <saml:Subject> element something like the following in a <samlp:AuthnRequest> or a <samlp:AttributeQuery>:

    <saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
        <saml:SubjectConfirmationData xsi:type="saml:KeyInfoConfirmationDataType">
          <ds:KeyInfo>
            <ds:X509Data>
              <ds:X509Certificate/>
            </ds:X509Data>
          </ds:KeyInfo>
        </saml:SubjectConfirmationData>
      </saml:SubjectConfirmation>
    </saml:Subject>

The empty <ds:X509Certificate/> element signals the obvious to the IdP without burdening the request with actual X.509 data. It's not that the X.509 data isn't known to the requester (it is, in fact) but I don't see the point of bloating the request with data the IdP must determine on its own anyway.

Is this legal? Is it advisable?

Thanks,
Tom
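An added example, not part of the original message: a receiver-side check that finds each <ds:X509Certificate> under a holder-of-key <saml:SubjectConfirmation> and reports whether it is empty, not valid base64, or carries DER-looking data. The function names, the labels and the xmlns:ds / xmlns:xsi declarations added to the sample are assumptions made so that it runs stand-alone; it does not decide whether the empty form is schema-valid.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"


def sample_subject(cert_element):
    """Constructed sample: the Subject from the message, with the ds and xsi
    namespace declarations added (assumption) so it parses on its own."""
    return (
        '<saml:Subject xmlns:saml="%s" xmlns:ds="%s" '
        'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
        '<saml:SubjectConfirmation Method="%s">'
        '<saml:SubjectConfirmationData xsi:type="saml:KeyInfoConfirmationDataType">'
        "<ds:KeyInfo><ds:X509Data>%s</ds:X509Data></ds:KeyInfo>"
        "</saml:SubjectConfirmationData></saml:SubjectConfirmation></saml:Subject>"
    ) % (NS["saml"], NS["ds"], HOK, cert_element)


def classify_hok_certificates(xml_text):
    """Return one label per ds:X509Certificate found under a holder-of-key
    SubjectConfirmation: 'empty', 'not-base64' or 'der-data'."""
    # A real IdP should parse untrusted input with a hardened XML parser.
    root = ET.fromstring(xml_text)
    labels = []
    for conf in root.iter("{%s}SubjectConfirmation" % NS["saml"]):
        if conf.get("Method") != HOK:
            continue  # bearer, sender-vouches, etc. are out of scope here
        for cert in conf.iterfind(".//ds:X509Data/ds:X509Certificate", NS):
            text = "".join((cert.text or "").split())  # drop all whitespace
            if not text:
                labels.append("empty")
                continue
            try:
                der = base64.b64decode(text, validate=True)
            except (binascii.Error, ValueError):
                labels.append("not-base64")
                continue
            # DER certificates begin with a SEQUENCE tag (0x30); this is a
            # shape check only, not certificate validation.
            labels.append("der-data" if der[:1] == b"\x30" else "not-base64")
    return labels


if __name__ == "__main__":
    print(classify_hok_certificates(sample_subject("<ds:X509Certificate/>")))
```

A receiver that sees "empty" has to take the key it binds to from its own source, since the request supplies none.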