OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [saml-dev] Question about ConfirmationMethod in SSO

Possibly conditions is what my co-developer is afraid of. I don't see 
why, since I too think that having the expiration data in the assertion 
is a good thing. But I think he might mean something else. I'm getting 
details from him.

In the mean time, I have a question of my own from reading the assertion 

In what instances are the <ConfirmationMethod> and 
<SubjectConfirmationData> used? It would seem to me that it would not be 
usable in a SSO environment, since the entire purpose of SSO is to *not* 
pass that sort of information along. I'm assuming that because of this, 
SAML can also be used as a local authentication protocol as well? A spec 
I could use to log into a service with username and password?

Scott Cantor wrote:
>>Is the ability to store information in the assertion that allows the 
>>recipient to verify the validity of the assertion without a network 
>>connection, such as after the network connection is dropped, 
> Like what? Conditions?
> I'm not sure I'd want to have to query back to some datastore using a
> key or ID just to find out that the assertion had expired...
> -- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC