saml-dev message

Subject: NameID-less SAML Subject

From: "Tom Scavo" <trscavo@gmail.com>
To: "SAML Developers" <saml-dev@lists.oasis-open.org>
Date: Thu, 28 Feb 2008 09:57:52 -0500

A SAML V1.1 Subject element may consist of a <SubjectConfirmation>
element alone, without a <NameIdentifier> element:

<complexType name="SubjectType">
  <choice>
    <sequence>
      <element ref="saml:NameIdentifier"/>
      <element ref="saml:SubjectConfirmation" minOccurs="0"/>
    </sequence>
    <element ref="saml:SubjectConfirmation"/>
  </choice>
</complexType>

Similarly, a SAML V2.0 Subject element may consist of one or more
<SubjectConfirmation> elements (again, without a name identifier):

<complexType name="SubjectType">
  <choice>
    <sequence>
      <choice>
        <element ref="saml:BaseID"/>
        <element ref="saml:NameID"/>
        <element ref="saml:EncryptedID"/>
      </choice>
      <element ref="saml:SubjectConfirmation" minOccurs="0"
maxOccurs="unbounded"/>
    </sequence>
    <element ref="saml:SubjectConfirmation" maxOccurs="unbounded"/>
  </choice>
</complexType>

What is a use case for this type of SAML Subject?  Can someone give a
real example of a SAML Subject without a name identifier?

Thanks,
Tom

Follow-Ups:
- AuthnRequest - what exactly is signed
  - From: "Hellan.Kim KHE" <KHE@kmd.dk>
- Re: [saml-dev] NameID-less SAML Subject
  - From: Brent Putman <putmanb@georgetown.edu>
- RE: [saml-dev] NameID-less SAML Subject
  - From: "Scott Cantor" <cantor.2@osu.edu>