Subject: RE: [saml-dev] Front-channel AttributeQuery Profile
Tom Scavo wrote on 2009-11-11:
> As far as I understand his comment, Andreas is correct. S1 can have
> any NameID whatsoever, as long as it has every NameID that S2 has.

There's only one NameID in the Subject, so I'm not sure what case you're thinking of. He was suggesting that a request would have no NameID and the assertion would have one. That won't fly (at least in terms of the letter of the spec).

I think the use case is met by identifying the subject in the query as a bearer confirmation, and doing the same in the assertion. For the reasons I mentioned, there're things I don't like about that idea, but it's reasonable for this use case, given that what you're after are attributes anyway.

-- Scott