[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] Front-channel AttributeQuery Profile
Solberg Andreas Åkre wrote on 2009-11-11: > Hi Josh! You're right, this is specified in core-3.3.4 - the Subjects MUST > strongly match. That said, given the description in 3.3.4 two subjects may > apparently strongly match even if a NameID is not included in one and is > included in the other. I'm not sure how you're getting that conclusion, but no, that's not the case. > I'm not sure if I follow completely... But if you take a closer look at my > example, it is a schema-valid request with a subject without NameID at all. Schema validity is a subset of profile requirements. > And at the same time, I think, it may be considered to strongly match the > subject included in the response. Only if there's no NameID in the assertion. Which is in fact probably what I would suggest here anyway. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]