Subject: Requestor Identity
The following text is proposed for the requirement on the requestor's identity:

"If the server is not signing with a key specific to the requestor, then the server might want to represent the requestor's name, details of how the requestor authenticated, or other identifying information in signed attributes. There are a number of methods for identifying the requester and various amounts of information that may need to be included regarding details of the authentication event and delegation of signing privileges. In order to accommodate these requirements, an extensible list of options will be included in the definition of the signed attribute. This list will include:

1) The name of the requestor as a simple name string or specific name forms such as X509 subject name (encoded as an LDAP string), email address, IP Address, DNS Name, EDI party name, URI, directory name. Note: The SAML NameIdentifier syntax can be used to encode this information.

2) Other information supporting the name. This can include: SAML Assertion, Liberty Alliance Authentication Context, User's X509 Certificate"

A "Role" attribute has also been proposed in the submission from Juan Carlos and myself. Also, John Messing has suggested that additional information is required on the "authorisation" under which the seal is being carried out. This may also be usefully added here.

Nick