Subject: Re: [security-services] SAML2 Holder-of-Key Assertion Profile
On Sun, Aug 17, 2008 at 7:43 PM, Scott Cantor <cantor.2@osu.edu> wrote:
>
> My inclination is to say that you're talking about something that belongs in
> AuthnContext, though, since you were responding to something I wrote about
> how authentication occurs.

Well, I thought you were talking about binding X.509 data to a SubjectConfirmation element based on a proof of possession in the past.

> Why is this any different than AuthnInstant?

The act of authentication and the proof of possession are separate processes in general. Not unlike basing an authentication on an existing security context, I thought you were suggesting that a holder-of-key SubjectConfirmation element might be based on a previous proof of possession. Maybe I was reading too much into your remarks. If so, that's fine, since the use case doesn't seem to be awfully compelling anyway.

> And
> before you ask "what if there is no AuthnStatement?", my response would be
> "there should be if you care about this".

Yes, there is an AuthnStatement but not in this "assertion profile." It is specified in the next profile that begins to flesh out the protocol exchange that results in a HoK assertion.

Tom