OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [saml-dev] Need help understanding <SubjectConfirmation>

> Would you help me to understand the purpose of the 
> SubjectConfirmation element? 

You should read the errata as well, but SubjectConfirmation is how SAML
assertions are turned into "security tokens", by binding them to an actual
security technology that allows a client to prove that it is authorized by
the SAML authority to act as the subject.

In your example, holder of key does not refer to the authority but to the
attesting entity. If I prove I hold the key, then I'm authorized to wield
the assertion as the subject.

That may mean I'm the subject, or if there's an identifier inside the
SubjectConfirmation, I'm that entity acting on behalf of the subject.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]