[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Minutes for July 13 SSTC Call
> (f) Expressing Identity Assurance profile for SAML2.0 (LOA) > - Status: Public review period closed on 13 June 2010. > - Status: Awaiting comments/resolutions. > > Paul, Scott and I reworking, will be uploaded in near term I have it in hand for an editorial pass and then I'll upload, hopefully later today. > Hal, OASIS process requires that , perhaps at CS status, that all > comments are acknowledged and addressed. As a courtesy, we could respond > through email to commenters We have to formally respond, but in the past we've used the wiki, I believe, so I was planning to do that again. > (h) SOA-TEL Token Correlation Profile (Federico/TI) > http://www.oasis-open.org/committees/download.php/38374/sstc-saml- > token%20correlation-profile-v0.8.pdf > > Federico & colleague will explain. > > Document defines the syntax to express a relation between two SAML > assertion, a "main" one and a "related" one. Unless I'm missing something, that's what SubjectConfirmation is for. > The syntax defined defines a new security profile, in which a SAML > assertion is syntactically and semantically meaningful if it is presented in > relation with another "related" > SAML assertion; it enables to express a relation between two security > SAML assertions That's definitely SubjectConfirmation. There's nothing new needed apart from optionally defining a new confirmation method. > Paul, but <Advice> doesnt provide that semantic, better would be > <Condition>? SubjectConfirmation is really a special condition, and it has the semantic "you can't act as the subject unless you can prove X". -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]