
security-services message



Subject: Re: [security-services] Proposed Text and Location for HolderOfKey and SenderVouches (NOTE commentary at start)


Prateek: 

Looks good. Two comments on the text..


> The element <SubjectConfirmationData> value MUST be a <ds:KeyInfo> element.
> As described in [DSIG], the <ds:KeyInfo> element holds information 
> that enables an application to obtain a key needed to validate a signature.  
> The subject of the assertion is the party that can demonstrate that it is 
> the holder of the key used to create said signature.

I don't think the above should be tied to "a signature"..


The element <SubjectConfirmationData> value MUST be a <ds:KeyInfo> element.
As described in [DSIG], the <ds:KeyInfo> element holds a key or information
that enables an application to obtain a key. The subject of the assertion is
the party that can demonstrate that it is the holder of the key.



> The subject of the assertion is the party that can present a SAML 
> artifact, which the relying party MUST use to obtain the assertion from 
> the party that created the artifact. See also Section 4.1.1.1.

We should cast the above in the past tense..

The subject of the assertion is the party that presented a SAML artifact, which
the relying party used to obtain the assertion from the party that created
the artifact. See also Section 4.1.1.1.



thanks,

JeffH

