[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [security-services] comments on bindings-model-14
Prateek -- thanks for getting that out. Two quick editorial comments.. 1. altho the sections are numbered in the TOC, sections are unnumbered in the document body. A Word problem? Anyone else see this or is it just me? 2. wrt "Confirmation Method Identifiers" section It's lacking introduction text. I suggest we leverage the text Hal wrote that appeared in core-28... --------------------------------------- <SubjectConfirmationMethod> is a part of the <SubjectConfirmation>, which is used to allow the Relying Party to confirm that the request or message came from the System Entity that corresponds to the Subject in the statement. The <SubjectConfirmationMethod> indicates the method which the Relying Party can use to do this in the future. This may or may not have any relationship to an authentication that was performed previously. Unlike the Authentication Method, the <SubjectConfirmationMethod> will usually be accompanied with some piece of information, such as a certificate or key, which will allow the Relying Party to perform the necessary check. There are many <SubjectConfirmationMethod>, because there are many different SAML usage scenarios. A few examples are: 1. A user logs in with a password, but a temporary passcode or cookie is issued for confirmation purposes to avoid repeated exposure of the long term password. 2. There is no login, but an application request is digitally signed. The associated public key is used for confirmation. --------------------------------------- It needs at least a reference to [SAMLCore] in the first sentence, and perhaps the first example needs redo because we don't have a password confirmation method at this point. I'd change the first "many" in the second paragraph to "several", and "few" to "couple" as appropriate. JeffH
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC