[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [security-services] Do we want to add some discussion text for"Authenticated context "
As a general point, perhaps we need some discussion of "Authenticated context". That is, if a SAML object (assertion, request or response) is received as part of some larger message or connection, authentication information from that context MAY apply to the assertion. Examples of such authentication information include digital signatures on enveloping messages and SSL authentication on connections. It is the responsibility of the SAML binding or profile for a particular protocol to define how authentication information from that protocol applies to the SAML data. I'm inclined to think that this discussion belongs in the Core, since all uses of SAML might want to refer to it. - irving - ----------------------------------------------------------------------------------------------------------------- The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. Baltimore Technologies plc will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on. In addition, certain Marketing collateral may be added from time to time to promote Baltimore Technologies products, services, Global e-Security or appearance at trade shows and conferences. This footnote confirms that this email message has been swept by Baltimore MIMEsweeper for Content Security threats, including computer viruses.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC