OASIS Mailing List Archives

saml-dev message

Subject: Re: [saml-dev] Question about evidences


Please see inline...

DELEON Frederic wrote:

> I would like to know what is the interest of evidences.
> Here is how I understand the specification:
>   - a SAML client sends a request with an evidence inside the query,
>     this evidence contains an assertion ID (assertion reference),
>   - a SAML server gets this assertion ID and retrieves the corresponding
>     assertion without control about the assertion ID validity, then it
>     returns the assertion in an evidence element inside the statement

As far as I understand, the assertion returned is a new one containing an AuthZ statement.
The evidence (assertion or assertion ID) sent to the server is a proof of prior authentication
of the subject, which is sent to the server to indicate that the subject is already authenticated
and now an authz decision is queried for.

> Is it correct?
> In which case can a SAML client create a request with an evidence (with
> assertion ID)? Where can this assertion ID come from?

As stated above, this was obtained in a prior act of authentication, either via
SSO using artifact/POST profile or making an authn query.

> The SAML schema allows giving an assertion instead of an assertion ID in
> the evidence on the query. In this case what does the server check?
>
> Thanks in advance.
>
> Frederic Deleon

Bhavna Bhatnagar                                Sun Microsystems Inc.            
Identity Management group        __o
Tel: 408-276-3591              _`\<,_   
                              (*)/ (*)
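
The exchange discussed in this message, as an added example that is not part of the original thread: an authorization decision query whose evidence carries assertion ID references and an embedded assertion, and a responder-side routine that sorts them. It assumes SAML 1.x element names and namespaces (the thread does not state a version); the request, the `ISSUED` store, the function name, and the unknown-ID and expiry checks are hypothetical choices made for this example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:1.0:protocol"
NS = {"saml": SAML, "samlp": SAMLP}

# Constructed sample: Evidence with two ID references and one embedded assertion.
SAMPLE_REQUEST = f"""<samlp:Request xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
    RequestID="_req-1" MajorVersion="1" MinorVersion="1" IssueInstant="2004-01-01T10:00:00Z">
  <samlp:AuthorizationDecisionQuery Resource="https://sp.example.org/report">
    <saml:Subject><saml:NameIdentifier>alice</saml:NameIdentifier></saml:Subject>
    <saml:Action>Read</saml:Action>
    <saml:Evidence>
      <saml:AssertionIDReference>_authn-known</saml:AssertionIDReference>
      <saml:AssertionIDReference>_authn-unknown</saml:AssertionIDReference>
      <saml:Assertion AssertionID="_authn-inline" Issuer="idp.example.org"
          MajorVersion="1" MinorVersion="1" IssueInstant="2004-01-01T09:55:00Z"/>
    </saml:Evidence>
  </samlp:AuthorizationDecisionQuery>
</samlp:Request>"""

# Hypothetical store of assertions this authority issued: ID -> expiry time.
ISSUED = {"_authn-known": datetime(2004, 1, 1, 10, 30, tzinfo=timezone.utc)}
NOW = datetime(2004, 1, 1, 10, 0, 5, tzinfo=timezone.utc)


def classify_evidence(request_xml, issued, now):
    """Sort the query's Evidence into accepted refs, rejected refs, embedded assertions."""
    # ElementTree does not fetch external entities; for untrusted input a
    # hardened parser such as defusedxml is the safer choice.
    root = ET.fromstring(request_xml)
    out = {"accepted": [], "rejected": [], "embedded": []}
    for item in root.findall("samlp:AuthorizationDecisionQuery/saml:Evidence/*", NS):
        if item.tag == f"{{{SAML}}}AssertionIDReference":
            ref = (item.text or "").strip()
            expiry = issued.get(ref)
            if expiry is None:
                out["rejected"].append((ref, "unknown ID"))
            elif now >= expiry:
                out["rejected"].append((ref, "expired"))
            else:
                out["accepted"].append(ref)
        elif item.tag == f"{{{SAML}}}Assertion":
            # Client-supplied assertion: must be validated (signature, issuer,
            # validity period) before use; this example only records its ID.
            out["embedded"].append(item.get("AssertionID"))
    return out


if __name__ == "__main__":
    print(classify_evidence(SAMPLE_REQUEST, ISSUED, NOW))
```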