security-services message


Subject: Re: ..the notorious bearer subject..


>>>>> "MP" == Mishra, Prateek <pmishra@netegrity.com> writes:

    MP> Bob, As part of crunching thru the third f2f whiteboard draft,
    MP> we find numerous references to "bearer" as one possibility for
    MP> the subject element in an assertion.

    MP> [...]
 
    MP> (2) Is this really required within SAML?  What use-case did
    MP> you have in mind?
 
Prateek,

It seems to me that "bearer" subjects would be important for anonymous
assertions.

One use case might be for anonymous Web browsing. The semantics would
be something like, "Yeah, that's one of my users, but you don't need
to know _exactly_ who it is."

Another use case might be for cryptographically bound assertions to
business payloads. For example,

        <some-business-xml>

             <order-amount>$10M</order-amount>
             <product>pencils</product>

             <AuthenticationDecisionAssertion>

                <Subject><Bearer /></Subject>

                <Action>Make Order</Action>

                <Object>$10M worth of pencils</Object>

             </AuthenticationDecisionAssertion>

        </some-business-xml>

The semantics here are, "I, PDP for company A, have decided that it's
quite OK for the creator of this business XML to make an order for
$10M worth of pencils. You don't need to know who did it, just fulfill
the order. So mote it be."

~ESP

-- 
Evan Prodromou, Senior Architect        eprodromou@securant.com
Securant Technologies, Inc.             415-856-9551
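Added example (not part of Evan's message or any SAML specification): the order-with-bearer-assertion structure from the message above, with the "cryptographic binding" made concrete. An HMAC over the whole payload stands in for the real XML signature, and the shared key, element names and the relying-party check are assumptions. The point it shows is that a bearer subject authorizes whoever holds the assertion, so only the binding to this exact payload stops the assertion from being lifted into a different order.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed demo key; stands in for the PDP's signing key (assumption).
PDP_KEY = b"constructed-demo-key"


def build_order(amount: str, product: str) -> ET.Element:
    """Business XML shaped like the message's example, carrying a bearer assertion."""
    root = ET.Element("some-business-xml")
    ET.SubElement(root, "order-amount").text = amount
    ET.SubElement(root, "product").text = product
    ada = ET.SubElement(root, "AuthenticationDecisionAssertion")
    ET.SubElement(ET.SubElement(ada, "Subject"), "Bearer")  # <Subject><Bearer /></Subject>
    ET.SubElement(ada, "Action").text = "Make Order"
    ET.SubElement(ada, "Object").text = f"{amount} worth of {product}"
    return root


def canonical(root: ET.Element) -> bytes:
    """Crude canonical form: serialize the whole payload, assertion included."""
    return ET.tostring(root, encoding="utf-8")


def pdp_sign(root: ET.Element) -> str:
    """PDP for company A binds its decision to this exact business payload."""
    return hmac.new(PDP_KEY, canonical(root), hashlib.sha256).hexdigest()


def relying_party_accepts(root: ET.Element, signature: str) -> bool:
    """Fulfil only if a bearer assertion is present AND the binding verifies."""
    ada = root.find("AuthenticationDecisionAssertion")
    if ada is None or ada.find("Subject/Bearer") is None:
        return False
    return hmac.compare_digest(pdp_sign(root), signature)


def assertion_moved_to_other_order(signed: ET.Element, amount: str, product: str) -> ET.Element:
    """Check case: the same bearer assertion placed inside a different order."""
    other = build_order(amount, product)
    other.remove(other.find("AuthenticationDecisionAssertion"))
    other.append(signed.find("AuthenticationDecisionAssertion"))
    return other
```

Without the signature over the enclosing document, the relying party would have no way to tell the moved assertion from the original, which is exactly the risk a bearer subject carries.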
