List Home All Archives Dates Threads Authors Subjects
saml-dev - RE: [saml-dev] Subject confirmation. Message Thread: Previous | Next
  • To: <alistair@xxxxxxxxxxxxx>
  • From: "Scott Cantor" <cantor.2@xxxxxxx>
  • Date: Tue, 29 Nov 2005 18:53:59 -0500
  • Cc: <saml-dev@xxxxxxxxxxxxxxxxxxxx>
Send Email to
Send new message
Reply to this message
> "The holder of the key named "By-Tor" or the holder of the key named "Snow
> Dog" can confirm itself as the subject".
> That's why I thought "proxy" as whatever entity has one of those keys may
> or may not "be" the subject (confirm itself as the subject).

That's not what "confirm" means, though. It means "be associated with for
the purposes of some profile", at least that's always been my take.

In Web SSO, there's no notion but bearer and equality. Since there are no
other profiles...

> So it seems that the SAML semantics are open to interpretation depending
> on what profile is in use. They're context sensitive. By defining a new
> profile you can redefine the semantics but within the global SAML core
> context.

SAML core (and bindings) are really the only things you can't change via
profile. By definition, profiles are what define the complete set of
semantics, and that's their purpose.

> Just out of interest, was there any legal input to the SAML specs?

None I know of. Nor of most other specs, I'd imagine. Is that a bad thing?

-- Scott

By Date: Previous | Next Current Thread By Thread: Previous | Next

  Mail converted by the most-excellent MHonArc 2.6.10