Subject: RE: [security-services] Days late and dollars short, comments on "entity" terminology
> "Indicates that the content of the element is the identifier of an
> entity that provides SAML-based services (such as a SAML authority,
> requester, or responder) ..."

Fine by me.

> I guess I'm confused, then, because on line 2050, "presenter" is
> specially defined as distinct from "confirming entity".

Potentially distinct, but 2050 is also talking about the entity that presents an AuthnRequest to the IdP. But actually the presenter (once he turns around and delivers the Response) is generally also a confirming entity as well.

Around 2309, you'll see this text:

"The request presenter should, to the extent possible, be the only entity able to satisfy the <saml:SubjectConfirmation> of the assertion(s)."

In other words, the presenter is generally also a confirming entity (or can be). And in fact it is one in the browser use case (the presenter is the bearer). But this is beside the point since the subject confirmation text is talking about an entity presenting an assertion. I'm happy to use a different word there (Jeff uses "wield", but I always picture a sword).

> The specific question I would raise is: Is a SAML V1.x "authentication
> authority" (which was specifically not a thing in charge of actual
> authentication on request) a SAML V2.0 "identity provider", or not?

Not to me it isn't. Nor is a SAML 2.0 authn authority one *unless* it also supports this protocol.

-- Scott