OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [security-services] Proposed clean up on subject text


+1

Rob Philpott
Senior Consulting Engineer 
RSA Security Inc. 
Tel: 781-515-7115 
Mobile: 617-510-0893 
Fax: 781-515-7020 
mailto:rphilpott@rsasecurity.com

> -----Original Message-----
> From: Scott Cantor [mailto:cantor.2@osu.edu]
> Sent: Friday, November 12, 2004 1:36 PM
> To: 'Steve Anderson'
> Cc: 'SAML'
> Subject: RE: [security-services] Proposed clean up on subject text
> 
> > What about the case of, say, an Attribute query over SOAP?  An
Attribute
> > Authority will respond with an assertion saying that "the entity
with
> > identifier X has the following associated attributes".
> >
> > I don't imagine that subject confirmation would be included, because
the
> > referenced entity isn't part of the exchange.  So, the default
> > interpretation of that assertion should definitely not be "bearer".
> 
> Right, that's my use case today.
> 
> > I'd like to see text in core, section 2.4.1 "Element <Subject>",
state
> > that the absence of any SubjectConfirmation elements MUST be
interpreted
> > as having no correlation to any presenter of the assertion.  Leaving
it
> > up in the air seems very dangerous to me.
> 
> I'm happy saying it's just "unspecified", as Ron said...the authority
is
> making no statement about subject confirmation whatsoever.
> 
> -- Scott
> 
> 
> To unsubscribe from this mailing list (and be removed from the roster
of
> the OASIS TC), go to http://www.oasis-
>
open.org/apps/org/workgroup/security-services/members/leave_workgroup.ph
p.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]