OASIS Mailing List Archives

saml-dev message


Subject: RE: [saml-dev] SAML Holder of Key Profile


Brett Beaumont wrote on 2009-01-14:
> 1. Can I still have a NameID element in the SubjectConfirmation element?

I would want that option, so +1 to that.

> 2. Lines 190 - 191: It is assumed that both the SAML issuer and the relying
> party each possess an X.509 certificate that is known to be associated with
> the subject of the assertion.
>
> My understanding was that the SAML Issuer must possess an X.509 cert known
> to be associated with the subject (or intended attesting party), but the RP
> does not.

Also my understanding for the reason you identified. HoK at its most basic
is a SAML-based replacement for existing certificate or key evaluation
methodologies.

-- Scott



