[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Adding channel bindings to signed SAML Requests
> > Am I missing something, or is this reasonable? > > FWIW it sounds reasonable to me. I'd been having similar thoughts > myself... whether one could attach a <SubjectConfirmation> to the > protocol message, with a newly defined SC method whose > <SubjectConfirmationData> provides the CB data as you've described. It wouldn't work at the protocol level, because SC is an assertion-specific concept, but even though extensions are optional, they can still be required by deployments, or servers can change their behavior based on them. > It's not a great fit, as SAML Subject Confirmation is explicitly > scoped to "the correspondence of the subject of the assertion", but > there might be some value in this re-use. I think SC confuses people enough without overloading its meaning. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]