[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Representing requestor's identity
I would think that the attributes contained in the contribution from you and Nick should be added as a possible source for other information supporting the name. The three mentioned in that paragraph should not be exclusive. Any method should be supported, even ones that we do not know about today, if we are simply describing methods of authentication or supplemental information about it. Also, in the first part, where is a WSS security token and string name? Are we back to SAML again? I thought we had resolved that issue. ---------- Original Message ---------------------------------- From: Juan Carlos Cruellas <cruellas@ac.upc.es> Date: Tue, 20 May 2003 16:26:25 +0200 >Dear all, > >One of the issues that we should try to deal with during these days is the >issue of representing requestor's identity and how this should be included >in the requirements document. >So far the latest version of teh requireements document says in its 3.2.1 >section: > >"If the server is not signing with a key specific to the requestor, then >the server might want to >represent the requestor's name, and possibly details of how the requestor >authenticated, in a 205 >signed attribute. We will define an XML element for this purpose, which >will contain: 206 >• Requestor Name (in a type/value format such as a SAML NameIdentifier) 207 >• (Optionally) Information supporting the name (such as a SAML Assertion, >Liberty Alliance 208 >Authentication Context, or X.509 Certificate)" > >Does this constitute a basis for reaching a consensus or is there anyone >thinking that >something should be changed or added? > > >Juan Carlos. > > > >You may leave a Technical Committee at any time by visiting http://www.oasis-open.org/apps/org/workgroup/dss/members/leave_workgroup.php > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]