Subject: Re: [saml-dev] NameID-less SAML Subject
On Thu, Feb 28, 2008 at 12:11 PM, Scott Cantor <cantor.2@osu.edu> wrote:
> > What is a use case for this type of SAML Subject? Can someone give a
> > real example of a SAML Subject without a name identifier?
>
> Any deployment that doesn't require a message back to the IdP at some point
> with the subject in it to reference the original is a candidate for not
> including one to begin with. It's just an attribute, if you don't need it,
> why use it?

Interesting perspective. The IdP can't make this decision on its own, however, since the SP may require an identifier for account linking.

> Historically I think SAML 1.1 was wrong to require a NameIdentifier in the
> browser profile.

I don't see where it does. Where does it say in [SAMLBind] that a <NameIdentifier> element is required?

> 2.0 probably has the same error, but in that case, you need
> it for SingleLogout to work.

Same here. I don't see in [SAML2Prof] where the <NameID> element is required?

Tom
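An added example, not part of the original message: how an SP might treat a SAML 2.0 Subject with and without a <NameID>, reflecting the account-linking and SingleLogout points raised in the thread. The function names, the policy flag and the sample assertion are constructed for illustration, and the code assumes the assertion's signature and conditions were already validated.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Constructed sample assertion; the {nameid} slot is filled or left empty below.
TEMPLATE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed1" Version="2.0" IssueInstant="2008-02-28T17:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject>{nameid}
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
  </saml:Subject>
</saml:Assertion>"""
WITH_NAMEID = TEMPLATE.format(
    nameid='<saml:NameID Format="%s">constructed-opaque-id</saml:NameID>' % PERSISTENT)
WITHOUT_NAMEID = TEMPLATE.format(nameid="")


def describe_subject(assertion_xml):
    """Return (NameID value or None, NameID Format or None, confirmation methods)."""
    subject = ET.fromstring(assertion_xml).find("saml:Subject", NS)
    if subject is None:
        raise ValueError("assertion has no Subject")
    methods = [sc.get("Method")
               for sc in subject.findall("saml:SubjectConfirmation", NS)]
    el = subject.find("saml:NameID", NS)
    value = (el.text or "").strip() if el is not None else ""
    if not value:  # absent or empty NameID: treat the Subject as NameID-less
        return None, None, methods
    return value, el.get("Format"), methods


def sp_decision(assertion_xml, require_name_id=False):
    """Hypothetical SP policy: what can a session built on this Subject support?"""
    name_id, _fmt, methods = describe_subject(assertion_xml)
    if BEARER not in methods:  # this example only accepts bearer confirmation
        raise ValueError("no bearer SubjectConfirmation")
    if name_id is None and require_name_id:
        raise ValueError("SP policy requires a NameID for account linking")
    has_id = name_id is not None
    # Without an identifier the SP has nothing to link an account to and
    # nothing to name the principal with in a later LogoutRequest.
    return {"account_linking": has_id, "single_logout": has_id,
            "attribute_only": not has_id}
```

The example ignores <BaseID> and <EncryptedID>, which an SP that supports them would have to handle as identifiers too.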