security-services message
Subject: AuthnRequest Subject vs. NameIDPolicy usage
- From: Thomas Wisniewski <Thomas.Wisniewski@entrust.com>
- To: SAML <security-services@lists.oasis-open.org>
- Date: Fri, 3 Jun 2005 08:11:38 -0400
All,

I'm trying to understand Profiles section 4.1.4.1 (<AuthnRequest> Usage). Specifically the fact that Subject is allowed and how this relates to NameIDPolicy. I assume the reason Subject is allowed is because the requesting service provider may know the subject's identity and wants the identity provider to match this against the user being authenticated. It would seem that this should imply that NameIDPolicy's Format and SPNameQualifier attributes MUST be omitted in this case. The AllowCreate attribute could be used as it currently is. Is that the intent? If not and both are used such that the Format and/or SPNameQualifier attributes are defined in both (and of course possibly different), what would be the processing rules?

I'm proposing that these two attributes in NameIDPolicy not be used when using Subject.

Tom.
Thomas Wisniewski
Software Architect
Phone: (201) 891-0524
Cell: (201) 248-3668
Entrust®
Securing Digital Identities & Information
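
The overlap the message asks about, as an added example that is not part of the original post or of the SAML specification: a check that reports when an `<AuthnRequest>` carries a `<Subject>` and also sets `Format` or `SPNameQualifier` on `<NameIDPolicy>`. The sample request, its URLs and the name `check_subject_vs_policy` are constructed for illustration; treating these attributes as findings follows the poster's proposal, not a stated processing rule.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample: Subject and NameIDPolicy disagree on both attributes.
SAMPLE_REQUEST = """\
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed1" Version="2.0" IssueInstant="2005-06-03T12:00:00Z">
  <saml:Issuer>https://sp.example.com</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
        SPNameQualifier="https://sp.example.com">user@example.com</saml:NameID>
  </saml:Subject>
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
      SPNameQualifier="https://affiliation.example.com" AllowCreate="true"/>
</samlp:AuthnRequest>
"""


def check_subject_vs_policy(xml_text):
    """Return (attribute, kind, subject_value, policy_value) findings.

    kind is "conflict" (values differ), "redundant" (values equal) or
    "unmatched" (set on NameIDPolicy only). AllowCreate is never reported.
    """
    # ElementTree is fine for this inline sample; parse untrusted SAML with a
    # hardened XML parser and only after signature validation.
    root = ET.fromstring(xml_text)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    policy = root.find("samlp:NameIDPolicy", NS)
    findings = []
    if name_id is None or policy is None:
        return findings  # no overlap possible
    for attr in ("Format", "SPNameQualifier"):
        policy_value = policy.get(attr)
        if policy_value is None:
            continue
        subject_value = name_id.get(attr)
        if subject_value is None:
            kind = "unmatched"
        elif subject_value == policy_value:
            kind = "redundant"
        else:
            kind = "conflict"
        findings.append((attr, kind, subject_value, policy_value))
    return findings
```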