[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Fwd: [OAUTH-WG] I-D Action: draft-ietf-oauth-saml2-bearer-05.txt
I can't say I necessarily disagree with you Scott, although maybe I don't feel as strongly about it, but that change was introduced at the specific request of a very large software vendor in order to allow for interoperability with existing COTS products. On Thu, Aug 4, 2011 at 10:45 AM, Cantor, Scott E. <cantor.2@osu.edu> wrote: > On 8/4/11 11:36 AM, "Phillip Hunt" <phil.hunt@oracle.com> wrote: >> >>Lastly the processing rules on the assertion have been relaxed >>somewhat to allow for <SubjectConfirmationData> element(s) to be >>optional when the <Conditions> element has a NotOnOrAfter attribute. > > Omitting subject confirmation just means the assertion has no security > semantics or that it's "sender vouches". You could do bearer by > implication, but that's sloppy. Assertions should be self-defining > whenever possible, not punt their semantics to implication. > > -- Scott > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. Follow this link to all your TCs in OASIS at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]