[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] SAML Holder of Key Profile
Brett Beaumont wrote on 2009-01-14: > 1. Can I still have a NameID element in the SubjectConfirmation element? I would want that option, so +1 to that. > 2. Lines 190 - 191: It is assumed that both the SAML issuer and the relying > party each possess an X.509 certificate that is known to be associated with > the subject of the assertion. > > My understanding was that the SAML Issuer must possess an X.509 cert known > to be associated with the subject (or intended attesting party), but the RP > does not. Also my understanding for the reason you identified. HoK at its most basic is a SAML-based replacement for existing certificate or key evaluation methodologies. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]