saml-dev message



Subject: Re: [saml-dev] NameID-less SAML Subject


On Thu, Feb 28, 2008 at 12:11 PM, Scott Cantor <cantor.2@osu.edu> wrote:
> > What is a use case for this type of SAML Subject?  Can someone give a
> > real example of a SAML Subject without a name identifier?
>
>  Any deployment that doesn't require a message back to the IdP at some point
>  with the subject in it to reference the original is a candidate for not
>  including one to begin with. It's just an attribute, if you don't need it,
>  why use it?

Interesting perspective.  The IdP can't make this decision on its own,
however, since the SP may require an identifier for account linking.

>  Historically I think SAML 1.1 was wrong to require a NameIdentifier in the
>  browser profile.

I don't see where it does.  Where does it say in [SAMLBind] that a
<NameIdentifier> element is required?

>  2.0 probably has the same error, but in that case, you need
>  it for SingleLogout to work.

Same here.  I don't see in [SAML2Prof] where the <NameID> element is required?

Tom

