Subject: Re: [security-services] Fwd: [OAUTH-WG] I-D Action:draft-ietf-oauth-saml2-bearer-05.txt
On 8/4/11 11:36 AM, "Phillip Hunt" <phil.hunt@oracle.com> wrote:

>
>Lastly the processing rules on the assertion have been relaxed
>somewhat to allow for <SubjectConfirmationData> element(s) to be
>optional when the <Conditions> element has a NotOnOrAfter attribute.

Omitting subject confirmation just means the assertion has no security semantics or that it's "sender vouches". You could do bearer by implication, but that's sloppy. Assertions should be self-defining whenever possible, not punt their semantics to implication.

-- Scott
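Added example, not part of the message above or of the draft: a relying-party check that reads the confirmation semantics only from what the assertion itself declares and refuses to infer bearer from a `<Conditions>` NotOnOrAfter alone. The function names and both sample assertions are constructed for illustration; signature validation and hardened XML parsing are assumed to happen before this step.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
SENDER_VOUCHES = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"

# Constructed sample: the assertion states its own semantics.
EXPLICIT_BEARER = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData NotOnOrAfter="2011-08-04T16:00:00Z"
                                    Recipient="https://as.example.org/token"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotOnOrAfter="2011-08-04T16:00:00Z"/>
</saml:Assertion>""".strip()

# Constructed sample: no subject confirmation, only a Conditions expiry.
IMPLIED_ONLY = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject/>
  <saml:Conditions NotOnOrAfter="2011-08-04T16:00:00Z"/>
</saml:Assertion>""".strip()

def confirmation_semantics(assertion_xml):
    """Classify an assertion by the SubjectConfirmation methods it declares."""
    root = ET.fromstring(assertion_xml)  # input assumed already signature-checked
    methods = {sc.get("Method")
               for sc in root.findall("saml:Subject/saml:SubjectConfirmation", NS)}
    if not methods:
        return "none"            # nothing declared: no semantics to rely on
    if BEARER in methods:
        return "bearer"
    if SENDER_VOUCHES in methods:
        return "sender-vouches"
    return "other"

def accept_as_bearer(assertion_xml):
    """Accept only an explicit bearer declaration; an expiry on Conditions
    does not turn an unconfirmed assertion into a bearer token."""
    return confirmation_semantics(assertion_xml) == "bearer"

if __name__ == "__main__":
    for name, xml in (("explicit", EXPLICIT_BEARER), ("implied", IMPLIED_ONLY)):
        print(name, confirmation_semantics(xml), accept_as_bearer(xml))
```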