security-services message



Subject: Authenticator to Subject Confirmation renaming


This is the new text:

1.1.1	Element <Subject> 
The <Subject> element specifies a party by any of the following means:
	*	A name.
	*	By information that allows the party to be authenticated.
	*	By reference to another assertion or by containment of another assertion.
If a <Subject> element contains more than one subject specification, the
issuer is asserting that all the subject specifications present specify the
same subject. For example, if both a <NameIdentifier> and an <Authenticator>
element are present, the issuer is asserting that the authentication data
authenticates the party with the specified name.
The following schema defines the <Subject> element:
	<element name="Subject" type="saml:SubjectType"/>
	<complexType name="SubjectType">
		<choice maxOccurs="unbounded">
			<element ref="saml:NameIdentifier"
					minOccurs="0" maxOccurs="unbounded"/>
			<element ref="saml:SubjectConfirmation"
					minOccurs="0" maxOccurs="unbounded"/>
			<element ref="saml:AssertionSpecifier"
					minOccurs="0" maxOccurs="unbounded"/>
		</choice>
	</complexType>
1.1.1.1	Element <SubjectConfirmation> 
The <SubjectConfirmation> element specifies a subject by specifying data
that authenticates the subject.
	<AuthenticationMethod> [Any number]
		Each <Authentication> element specifies a URI that identifies a
		protocol that may be used to authenticate the subject.
	<SubjectConfirmationData> [Optional]
		Each <SubjectConfirmationData> element specifies additional
		authentication information used by a specific authentication protocol.
	<ds:KeyInfo> [Optional]
		An XML Signature <ds:KeyInfo> element that specifies a
		cryptographic key held by the subject.
URIs identifying common authentication protocols are specified in Section 4.
The following schema defines the <SubjectConfirmation> element:
	<element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
	<complexType name="SubjectConfirmationType">
		<sequence>
			<element ref="saml:AuthenticationMethod" maxOccurs="unbounded"/>
			<element name="SubjectConfirmationData" type="string" minOccurs="0"/>
			<element ref="ds:KeyInfo" minOccurs="0"/>
		</sequence>
	</complexType>


Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227
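
An added example, not part of the original message or of the SAML drafts: a small Python checker that enforces the two content models proposed above, so a relying party can reject a <Subject> whose <SubjectConfirmation> lacks an <AuthenticationMethod> or has its children out of sequence. The saml namespace URI, the method URI, and the text content of <NameIdentifier> and <AuthenticationMethod> are assumptions, since the message does not give them.

```python
import xml.etree.ElementTree as ET

# Assumption: placeholder namespace for the draft's "saml:" prefix; the message gives none.
SAML = "urn:example:saml-draft"
DS = "http://www.w3.org/2000/09/xmldsig#"  # XML Signature namespace

def q(ns, name):
    return "{%s}%s" % (ns, name)

SUBJECT_CHILDREN = {q(SAML, n) for n in
                    ("NameIdentifier", "SubjectConfirmation", "AssertionSpecifier")}
# SubjectConfirmationType is a <sequence>: (tag, minOccurs, maxOccurs), None = unbounded.
CONFIRMATION_SEQ = [(q(SAML, "AuthenticationMethod"), 1, None),
                    (q(SAML, "SubjectConfirmationData"), 0, 1),
                    (q(DS, "KeyInfo"), 0, 1)]

def check_confirmation(conf):
    """Walk the children in order and enforce the sequence's occurrence bounds."""
    errors, children, pos = [], list(conf), 0
    for tag, lo, hi in CONFIRMATION_SEQ:
        count = 0
        while pos < len(children) and children[pos].tag == tag and (hi is None or count < hi):
            pos, count = pos + 1, count + 1
        if count < lo:
            errors.append("SubjectConfirmation: missing " + tag.split("}")[-1])
    if pos < len(children):
        errors.append("SubjectConfirmation: misplaced " + children[pos].tag.split("}")[-1])
    return errors

def check_subject(xml_text):
    """Return a list of content-model violations for one <Subject> element."""
    subject = ET.fromstring(xml_text)
    if subject.tag != q(SAML, "Subject"):
        return ["root element is not saml:Subject"]
    errors = []
    for child in subject:  # <choice maxOccurs="unbounded">: any order, any number
        if child.tag not in SUBJECT_CHILDREN:
            errors.append("Subject: unexpected child " + child.tag.split("}")[-1])
        elif child.tag == q(SAML, "SubjectConfirmation"):
            errors.extend(check_confirmation(child))
    return errors

# Constructed sample documents; the method URI and name are placeholders.
HEAD = '<saml:Subject xmlns:saml="%s" xmlns:ds="%s">' % (SAML, DS)
GOOD = HEAD + ("<saml:NameIdentifier>alice</saml:NameIdentifier><saml:SubjectConfirmation>"
               "<saml:AuthenticationMethod>urn:example:method</saml:AuthenticationMethod>"
               "<ds:KeyInfo/></saml:SubjectConfirmation></saml:Subject>")
BAD = HEAD + "<saml:SubjectConfirmation><ds:KeyInfo/></saml:SubjectConfirmation></saml:Subject>"

if __name__ == "__main__":
    print(check_subject(GOOD), check_subject(BAD))
```

The checker only covers structure; it does not validate the <ds:KeyInfo> contents or verify any signature.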
