OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [saml-dev] SubjectConfirmation in SAML query

> Does it make sense to include a SubjectConfirmation element in a SAML
> query (in particular, AttributeQuery)?  The spec does not rule it out,
> but I can't imagine what a SubjectConfirmation might mean in a query.

What it means isn't really ambiguous, but whether it makes sense is kind of
a different question.

Just like with an AuthnRequest, if you ask for a particular confirmation
then you should get back something compatible. If that isn't sensible to the
thing responding, it has to reject the attempt.

I believe the use of confirmations is outside the scope of the standard
query profile, meaning it isn't addressed or precluded.

Since confirmation is essentially how you take a bare assertion and turn it
into a security token, I guess a query asking for one would be a query from
something that wants to use the assertion as a security token.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]