OASIS Mailing List Archives

saml-dev message



Subject: empty <ds:X509Certificate/> element?


I'd like to include a <saml:Subject> element something like the
following in a <samlp:AuthnRequest> or a <samlp:AttributeQuery>:

<saml:Subject
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:SubjectConfirmation
    Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
    <saml:SubjectConfirmationData
      xsi:type="saml:KeyInfoConfirmationDataType">
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate/>
        </ds:X509Data>
      </ds:KeyInfo>
    </saml:SubjectConfirmationData>
  </saml:SubjectConfirmation>
</saml:Subject>

The empty <ds:X509Certificate/> element signals the obvious to the IdP
without burdening the request with actual X.509 data.  It's not that
the X.509 data isn't known to the requester (it is, in fact) but I
don't see the point of bloating the request with data the IdP must
determine on its own anyway.

Is this legal?  Is it advisable?

Thanks,
Tom

