[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] Subject confirmation.
So the profile defines the semantics. It's like the small print in a contract. If entities are contractually associated via some profile then the semantics are really important, especially considering SAML's banking pedigree. That's why I asked about the legal aspects of profiles. Perhaps John has views on this?That's not what "confirm" means It means "be associated with for the purposes of some profile"
Alistair
On 29 Nov 2005, at 23:53, Scott Cantor wrote:
"The holder of the key named "By-Tor" or the holder of the key named "Snow
Dog" can confirm itself as the subject".
That's why I thought "proxy" as whatever entity has one of those keys may
or may not "be" the subject (confirm itself as the subject).
That's not what "confirm" means, though. It means "be associated with for
the purposes of some profile", at least that's always been my take.
In Web SSO, there's no notion but bearer and equality. Since there are no
other profiles...
So it seems that the SAML semantics are open to interpretation depending
on what profile is in use. They're context sensitive. By defining a new
profile you can redefine the semantics but within the global SAML core
context.
SAML core (and bindings) are really the only things you can't change via
profile. By definition, profiles are what define the complete set of
semantics, and that's their purpose.
Just out of interest, was there any legal input to the SAML specs?
None I know of. Nor of most other specs, I'd imagine. Is that a bad thing?
-- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]