Subject: RE: What use is SenderVouches? (was RE: [security-bindings] SOAP Profile draft)
Irving,

The core issue is: a subject "delivers" to a trusted server a few assertions which the server attaches to a business payload through a signing act. Question: what should the <ConfirmationMethod> in the assertions be set to?

Now, I would argue that there are two positions that are reasonable here:

(1) The above flow is out of scope of SAML 1.0 because of .... [I disagree with this assumption but I can see a viewpoint in this direction....]

(2) We need some kind of token for the <ConfirmationMethod> so that the receiver can say: aha! I am not going to get any more information from the assertion or the sender about how the assertion came to be in the possession of the sender. Instead, I should figure out who the sender is (using the sender signature) and whether I believe that I trust the sender to attach these assertions to a business payload.

This is all the "SenderVouches" proposal expresses in the concrete context of XML messaging.

>> I still don't see what the value of this is. As far as I can tell, when an
>> issuer creates an assertion containing
>> <SubjectConfirmation>SenderVouches</SubjectConfirmation>, what they are
>> saying is:
>>
>> The way you can tell if this assertion applies to a given message, is that
>> the sender of the message attached this assertion to the message.
>>
>> In other words, the assertion applies to the message because the sender says
>> so. Presumably, the sender attached the assertion to the message because the
>> sender intended to indicate that the assertion is relevant to the message.

[Prateek] As I stated above, there is also an implication here that the RP is NOT going to get any other information about authenticating the subject. In other words, we are warning the RP: process this message in the context of the attached assertions ONLY if you believe the sender has the right to attach them.
>> Now, what does it mean for a sender to attach an assertion to a message,
>> when the assertion in question is _not_ marked SenderVouches? I argue that
>> it means exactly the same thing: the sender attached the assertion to
>> indicate that the assertion is relevant.

[Prateek] Well, let's get concrete: what is the <ConfirmationMethod> element set to in your proposal above?

>> I can't think of any circumstance where the SenderVouches marker actually
>> adds value. I think it should be dropped.

[Prateek] I would be overjoyed to drop it BUT I want to be sure we capture various simple flows relating to XML messaging! My current belief is that SenderVouches plays a small but concrete role in this space.

- prateek
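The relying-party rule Prateek describes (verify the sender's signature over the payload and the attached assertions, then decide from local policy whether that sender may attach assertions from that issuer, expecting no further evidence about the subject), as an added example that is not part of this thread or of any OASIS draft. It uses HMAC over the serialized SOAP Body and Assertion elements as a stand-in for XML Signature, constructed keys and a constructed trust policy, and the confirmation-method URIs that SAML 1.0 later standardized; all of those are assumptions, not something the thread fixes. A holder-of-key branch is included for contrast: there the relying party does expect more evidence, namely a key proof from the subject itself.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
# Assumed: the confirmation-method URIs as later fixed in SAML 1.0.
CM_SENDER_VOUCHES = "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches"
CM_HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key"
ET.register_namespace("soap", SOAP)
ET.register_namespace("saml", SAML)

# Constructed key material. Real deployments use XML Signature with X.509
# keys; an HMAC over the serialized elements stands in for that here.
SENDER_KEYS = {"gateway.example": b"gw-key", "rogue.example": b"rogue-key"}
SUBJECT_KEYS = {"alice": b"alice-key"}
# Constructed relying-party policy: which sender may attach (vouch for)
# assertions from which issuer. This is the "do I trust the sender to attach
# these" decision; nothing else about the subject will be learned.
VOUCH_POLICY = {"gateway.example": {"idp.example"}}


def tag(ns, name):
    return f"{{{ns}}}{name}"


def mac(key, *elements):
    """Keyed digest over the serialized elements (stand-in for ds:Signature)."""
    data = b"".join(ET.tostring(e) for e in elements)
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def build_assertion(issuer, subject, method):
    """Minimal SAML 1.0 assertion with one subject and one ConfirmationMethod."""
    a = ET.Element(tag(SAML, "Assertion"), Issuer=issuer)
    stmt = ET.SubElement(a, tag(SAML, "AuthenticationStatement"))
    subj = ET.SubElement(stmt, tag(SAML, "Subject"))
    ET.SubElement(subj, tag(SAML, "NameIdentifier")).text = subject
    conf = ET.SubElement(subj, tag(SAML, "SubjectConfirmation"))
    ET.SubElement(conf, tag(SAML, "ConfirmationMethod")).text = method
    return a


def build_message(sender, assertions, payload, subject_proof_by=None):
    """The sender attaches assertions to a business payload and signs both."""
    env = ET.Element(tag(SOAP, "Envelope"))
    header = ET.SubElement(env, tag(SOAP, "Header"))
    body = ET.SubElement(env, tag(SOAP, "Body"))
    ET.SubElement(body, "Order").text = payload
    for a in assertions:
        header.append(a)
    if subject_proof_by:  # holder-of-key: the subject itself signs the body
        proof = ET.SubElement(header, "SubjectProof", Subject=subject_proof_by)
        proof.text = mac(SUBJECT_KEYS[subject_proof_by], body)
    sig = ET.SubElement(header, "SenderSignature", Sender=sender)
    sig.text = mac(SENDER_KEYS[sender], body, *assertions)
    return ET.tostring(env)


def verify(envelope_bytes):
    """Relying-party decision. Returns (accepted_subjects, reason)."""
    env = ET.fromstring(envelope_bytes)
    header, body = env.find(tag(SOAP, "Header")), env.find(tag(SOAP, "Body"))
    assertions = header.findall(tag(SAML, "Assertion"))
    sig = header.find("SenderSignature")
    sender = sig.get("Sender") if sig is not None else None
    # Step 1: who is the sender, and did they sign payload plus assertions?
    if sender not in SENDER_KEYS or not hmac.compare_digest(
            sig.text or "", mac(SENDER_KEYS[sender], body, *assertions)):
        return [], "sender signature does not verify"
    accepted = []
    for a in assertions:
        issuer = a.get("Issuer")
        subject = a.findtext(f".//{tag(SAML, 'NameIdentifier')}")
        method = a.findtext(f".//{tag(SAML, 'ConfirmationMethod')}")
        if method == CM_SENDER_VOUCHES:
            # Step 2: no further evidence about the subject will arrive; the
            # only question is whether this sender may attach this issuer's
            # assertions to a business payload.
            if issuer not in VOUCH_POLICY.get(sender, ()):
                return [], f"{sender} not trusted to vouch for {issuer}"
        elif method == CM_HOLDER_OF_KEY:
            # Contrast: the subject must prove key possession over the payload.
            proof = header.find(f"SubjectProof[@Subject='{subject}']")
            if (proof is None or subject not in SUBJECT_KEYS or
                    not hmac.compare_digest(proof.text or "",
                                            mac(SUBJECT_KEYS[subject], body))):
                return [], f"no key proof from {subject}"
        else:
            return [], f"unsupported confirmation method {method}"
        accepted.append(subject)
    return accepted, "ok"


if __name__ == "__main__":
    vouched = [build_assertion("idp.example", "alice", CM_SENDER_VOUCHES)]
    print(verify(build_message("gateway.example", vouched, "widget-42")))
    print(verify(build_message("rogue.example", vouched, "widget-42")))
```

The two prints show the asymmetry the thread turns on: the same assertion, signed by a sender the relying party trusts to vouch, is accepted, and signed by a sender whose signature checks but who is not in the vouching policy, it is refused. Because the signature covers the assertions together with the body, an intermediary cannot swap in different assertions without the check in step 1 failing.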