
saml-dev message



Subject: Re: [saml-dev] saml Subject



Hi,

> A) NameIdentifier - Is there a standard URI reference (like
> #emailAddress) to describe the format of an LDAP DN? If not, can I define
> one without going outside the specification's boundary?

The SAML spec (cs-sstc-core-01), section 2.4.2.2, says:
"... The interpretation of the NameQualifier, and NameIdentifier's
content in the case of a Format not specified in this document, are left
to individual implementations."
So you can define the format of an LDAP DN as, for example,
"urn:ietf:rfc:2253".

> B) The element SubjectConfirmation could have the ConfirmationMethod as
> a sort of "LDAPBind" and SubjectConfirmationData as the password?

Yes, see 2.4.3.3.
However, the AuthenticationAssertion is not data to authenticate a
subject but data proving that the subject in the assertion is authenticated.
So it might be inadequate for SubjectConfirmationData to include the
password itself.

Regards,
----------------------------------------------
NTT Data Corporation
Yuji Sakata
E-Mail: sakatayu@nttdata.co.jp
----------------------------------------------
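
Added example (not part of the original message or of the SAML specification): because a Format outside the spec is interpreted only by the implementations that agree on it, a relying party should accept such a NameIdentifier only when the Format URI is one it explicitly recognises. The function names, the constructed sample Subject and the simplified DN splitter (backslash escapes of special characters only) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.0 assertion namespace
DN_FORMAT = "urn:ietf:rfc:2253"  # private Format URI suggested in the reply above
SPECIALS = set(',=+<>#;\\"')     # characters that may follow a backslash escape

# Constructed sample Subject, not taken from the thread.
SAMPLE = f"""
<saml:Subject xmlns:saml="{SAML_NS}">
  <saml:NameIdentifier Format="{DN_FORMAT}">CN=Doe\\, Jane,OU=People,DC=example,DC=com</saml:NameIdentifier>
</saml:Subject>
"""

def split_dn(dn):
    """Split a DN into (type, value) pairs on unescaped commas.
    Simplified: no quoted strings, hex pairs, '#' values or '+' RDNs."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\":
            # Reject anything other than an escaped special character.
            if i + 1 >= len(dn) or dn[i + 1] not in SPECIALS:
                raise ValueError("unsupported escape in DN")
            cur, i = cur + dn[i + 1], i + 2
        elif ch == ",":
            rdns.append(cur)
            cur, i = "", i + 1
        else:
            cur, i = cur + ch, i + 1
    rdns.append(cur)
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN {rdn!r}")
        pairs.append((attr.strip(), value))
    return pairs

def interpret_subject(xml_text, accepted_formats=(DN_FORMAT,)):
    """Return the parsed DN, refusing any Format this party has not agreed on."""
    subject = ET.fromstring(xml_text.strip())
    nid = subject.find(f"{{{SAML_NS}}}NameIdentifier")
    if nid is None:
        raise ValueError("Subject has no NameIdentifier")
    fmt = nid.get("Format")
    if fmt not in accepted_formats:
        raise ValueError(f"unrecognised NameIdentifier Format {fmt!r}")
    return split_dn(nid.text or "")

if __name__ == "__main__":
    print(interpret_subject(SAMPLE))
```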

