RE: [saml-dev] question on Holder fo the key

[Eric Heflin <eheflin@medicity.com>]

As per:

http://www.oasis-open.org/committees/download.php/16768/wss-v1.1-spec-os-SAMLTokenProfile.pdf

When the confirmation method is urn:oasis:names:tc:SAML:1.0:cm:bearer, proof of the
relationship between the attesting entity and the subject of the statements in the assertion is implicit and
no steps need be taken by the receiver to establish this relationship


-----Original Message-----
From: Eric Heflin [mailto:eheflin@medicity.com] 
Sent: Tuesday, May 24, 2011 11:40 AM
To: Cantor, Scott E.; swu@axolotl.com
Cc: saml-dev@lists.oasis-open.org
Subject: RE: [saml-dev] question on Holder fo the key

Also, wouldn't the "bearer" SubjectConfirmation method be a closer match to these requirements than "holder-of-key"?

Eric Heflin
Dir of Standards and Interoperability
Medicity
THE Standard for Meaningful HIE.
www.medicity.com
801.415.2672 (o)
801.674.2313 (m)
eheflin (Skype)

-----Original Message-----
From: Cantor, Scott E. [mailto:cantor.2@osu.edu]
Sent: Tuesday, May 24, 2011 11:24 AM
To: swu@axolotl.com
Cc: saml-dev@lists.oasis-open.org
Subject: Re: [saml-dev] question on Holder fo the key

On 5/24/11 1:20 PM, "swu@axolotl.com" <swu@axolotl.com> wrote:

>I guess then my question would be how
>would SAML establish trust relationship in HOK case if no certificate 
>is included (neither from IdP nor Client).

Out of scope.

And for the record, if you establish trust based on the certificate directly, you probably wouldn't need SAML.

-- Scott


---------------------------------------------------------------------
To unsubscribe, e-mail: saml-dev-unsubscribe@lists.oasis-open.org
For additional commands, e-mail: saml-dev-help@lists.oasis-open.org


---------------------------------------------------------------------
To unsubscribe, e-mail: saml-dev-unsubscribe@lists.oasis-open.org
For additional commands, e-mail: saml-dev-help@lists.oasis-open.org