Subject: Re: [saml-dev] Subject confirmation.
That isn't how I would describe it.
The subject confirmation is data available sent to the SP by the asserting party (IDP), so far so good.
The Subject confirmation is essentially the steps that the sender must go through to prove they are allowed to present the assertion to the receiver. In the case of Browser based SSO, this will always be a "bearer" confirmation (meaning that whoever can bear this token can present it to the SP). This is necessary since the browser isn't capable of doing anything else.
Now the thing I don't understand is the following:
Is this data meant to let the SP determine that the Subject in the assertion is actually the subject? (sorry about the word game)
It is not generally used for IdP->SP communications associated with SSO since they are typically sent through a browser client (so the browser is actually the entity sending the assertion to the SP after having gotten it from the IdP).
Or is this data meant to let the SP determine that the IDP that issued the Assertion is associated with the Subject?
In the browser based SSO model (where the SP comes into play), the confirmation method is: "...:cm:bearer" since it is always a bearer confirmation (See Section 4.1.1 of the SAML Profiles specification).
Now I'm trying to understand what the SP is supposed to do.
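
Added example, not part of the original message or of any SAML library: a sketch of the checks an SP applies to a bearer SubjectConfirmation, since possession is the only proof a browser can offer. It assumes SAML 2.0 (namespace and full bearer URI), an SP-initiated login, and an assertion whose signature was already verified; the function name, URLs and IDs are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}  # assumption: SAML 2.0
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed sample; the signature is omitted and assumed verified beforehand.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1">
  <saml:Subject>
    <saml:NameID>alice@example.org</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://sp.example.org/acs"
          NotOnOrAfter="2024-01-01T12:05:00Z" InResponseTo="_req123"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
</saml:Assertion>"""

def parse_time(value):
    # SAML timestamps are UTC xs:dateTime values such as 2024-01-01T12:05:00Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_bearer(xml_text, acs_url, pending_requests, seen_ids, now):
    """Return (ok, reason). A bearer token proves nothing about who presents
    it, so the SP narrows where, when and how often it can be used."""
    root = ET.fromstring(xml_text)
    if root.get("ID") in seen_ids:          # one-time use: reject replays
        return False, "replayed assertion"
    reason = "no bearer SubjectConfirmation"
    for sc in root.findall("saml:Subject/saml:SubjectConfirmation", NS):
        if sc.get("Method") != BEARER:
            continue
        data = sc.find("saml:SubjectConfirmationData", NS)
        if data is None:
            reason = "missing SubjectConfirmationData"
        elif data.get("Recipient") != acs_url:
            reason = "Recipient is not this SP's ACS URL"
        elif data.get("NotBefore") is not None:
            reason = "NotBefore not allowed on bearer data"
        elif not data.get("NotOnOrAfter") or now >= parse_time(data.get("NotOnOrAfter")):
            reason = "expired or missing NotOnOrAfter"
        elif data.get("InResponseTo") not in pending_requests:
            reason = "InResponseTo does not match a request we sent"
        else:
            seen_ids.add(root.get("ID"))    # remember until NotOnOrAfter passes
            return True, "ok"
    return False, reason
```
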