[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Proposed erratum resolutions
> Anyway, that said, I'm fine with Scott's suggested language if there's > value in only encrypting the NameID in the returned assertion (and not > any attributes). Something to consider is that AuthnRequest is not only usable in the case of ane entity asking for an assertion for itself. The requester, subject, and relying party are all explicit actors. So the requester could in fact be asking for an assertion usable by somebody else (or somebodies). -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]