[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [security-services] FW: [security-bindings] Multiple authnassertions in one Browser Artifact Profile exchange?
Hi Prateek, I'm a bit confused by these paragraphs. I think some examples of context sensitive comparison operations on <Subject> elements will clarify this. By context specific I mean e.g. illustrating how to compare the Subject element in an attribute assertion against a Subject in an AuthN assertion. Can someone confidently provide some such examples? > We have a clear interpretation of multiple statements and > multiple assertions in our specification. The RP must > consider all of the assertions and statements as > conjunctively describing the system entity. "conjunctively" meaning "and", right? That'd imply for example, that the RP treats an attribute assertion as being about the set of included AuthN assertions and as not being about any of the members of the set of included AuthN assertions. > Generally speaking the RP's attitude should be to find > the information it requires amongst the plurality of > information and make its judgement. If there are multiple > AuthN statements, well, it can pick out the pieces > it needs and render its decision. This seems to me to be saying the opposite of the above. Regards, Stephen. -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 881 6716 39 Parkgate Street, fax: +353 1 881 7000 Dublin 8. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC