Subject: Re: ..the notorious bearer subject..
>>>>> "MP" == Mishra, Prateek <pmishra@netegrity.com> writes:

    MP> Bob, As part of crunching thru the third f2f whiteboard draft,
    MP> we find numerous references to "bearer" as one possibility for
    MP> the subject element in an assertion.

    MP> [...]

    MP> (2) Is this really required within SAML? What use-case did
    MP> you have in mind?

Prateek,

It seems to me that "bearer" subjects would be important for anonymous assertions. One use case might be for anonymous Web browsing. The semantics would be something like, "Yeah, that's one of my users, but you don't need to know _exactly_ who it is."

Another use case might be for cryptographically bound assertions to business payloads. For example,

    <some-business-xml>
      <order-amount>$10M</order-amount>
      <product>pencils</product>
      <AuthenticationDecisionAssertion>
        <Subject><Bearer /></Subject>
        <Action>Make Order</Action>
        <Object>$10M worth of pencils</Object>
      </AuthenticationDecisionAssertion>
    </some-business-xml>

The semantics here are, "I, PDP for company A, have decided that it's quite OK for the creator of this business XML to make an order for $10M worth of pencils. You don't need to know who did it, just fulfill the order. So mote it be."

~ESP

--
Evan Prodromou, Senior Architect
eprodromou@securant.com
Securant Technologies, Inc.
415-856-9551