[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Moving subjects up to assertions (disregardfirst reply)
> So, perhaps it should be called AuthenticationLocality? IIRC, the name was chosen because people got confused as to whether the address/hostname referred to the client, or a server. They still do in fact. I think SubjectLocality was a late compromise to try and clarify it. I think I suggested PrincipalLocality at one point, but Principal didn't show up in the schema anywhere, so people didn't want to add it late. > it does seem like that would be most useful with SubjectConfirmation > anyway. Is there another use for SubjectLocality BTW? Does it matter > whether it's in the authentication statement or at the assertion level? > Could it not relate to other (Subject)Statements? I suppose one could argue it's a special case that maybe belongs solely as bearer confirmation data. I don't personally have any other use for it, and even that use is pretty minimal since more and more people are stuck behind NATs. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]