OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [security-services] FW: [saml-dev] Constrained delegation


 

> These are good points; maybe the issue is more about 
> capturing or recommending certain patterns of use vs. 
> developing a new profile.
> 
> But before we discuss solutions, here is a question:-:
> 
> Is it important for SAML issuers and relying parties to 
> distinguish between:

If I put X in the nameID in the subject confirmation am I not
identifying that server X is actiong for Joe?

If I don't put such a nameID, then shouldn't it be Joe
who is doing the acting (or at least something acting
as Joe as Joe probably isn't the computer application
that is proving the HoK)?

Conor


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]