OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Subject confirmation.

Title: Subject confirmation.

I'm trying to understand the data associated to the Subject called the Subjectconfirmation.
I'm a little bit confuse on the meaning of this data.

The subjectconfirmation is data available sent to the SP by the asserting party (IDP), so far so good.
Now the thing I don't understand is the following:

Is this data meant to let the SP determine that the Subject in the assertion is actually the subject ? (sorry about the word game)

Or is this data meant to let the SP to determine that the IDP that issued the Assetion is associated with the Subject ?

This what the SALProf spec says about this data: The element SHOULD be used by the relying party to confirm that the request or message came from a

system entity that is associated with the subject of the assertion, 

Also I didn't get the point of some of the examples included :

in the holder of key the spec says:
The holder of a specified key is considered to be the subject of the assertion by the asserting party.
<SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
<SubjectConfirmationData xsi:type="saml:KeyInfoConfirmationDataType">
<ds:KeyName>Snow Dog</ds:KeyName>

and the example ends saying that the holder of those key can confirm itself as a subject.

Now I'm trying to understand what the SP is supposed to do.

Whould it try to understand that User trying to access its resourses have those keys ?

Can anyone help on this ?


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]