[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services-comment] Re: http://saml.xml.org/news/holder-of-key-web-browser-sso-profile
Scott Cantor wrote: >> I agree that the SPprovidedID seems to be a place, but it doesn't work >> well, if you have several ids that you want to process. >> > > That is definitely not the right place. Not sure what you think that > attribute means, but it isn't that. > Right. > >> The case is that a serviceprovider may use several of the possible >> identifiers, an email, a global company id, etc. >> > > Then you put them into SAML attributes. > I agree. > >> Can't "Additional data that allows the subject to be confirmed" be >> interpreted >> as 'The subject is confirmed because according to our policy, we were >> successfully able to determine the following additional identifiers which >> are represented in the form of NameId' which we include in the >> SubjectConfirmation" >> > > No, not really. > I agree. > > -- Scott > > > > -- <http://www.edelweb.fr> *Edel/W/eb* Peter SYLVESTER Consultant Sécurité des Systèmes d'Information ----------------------------------------------------------- EdelWeb - Groupe ON-X 15, quai de Dion-Bouton F-92816 Puteaux Cedex Tel : +33.1.40.99.14.14 / Fax : +33.1.40.99.99.58 www.edelweb.fr <http://www.edelweb.fr> / www.on-x.com <http://www.on-x.com> ----------------------------------------------------------- To verify the message signature, see edelpki.edelweb.fr <http://edelpki.edelweb.fr/> Cela vous permet de charger le certificat de l'autorité de racine <http://edelpki.edelweb.fr/cacerts/EdelPKI-ca.der>; die Liste mit zurückgerufenen Zertifikaten finden Sie da auch.
S/MIME Cryptographic Signature
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]