Subject: RE: [saml-dev] NameID-less SAML Subject
> Interesting perspective. The IdP can't make this decision on its own,
> however, since the SP may require an identifier for account linking.

Which could be (and has been in many cases) an attribute. As I always try and explain, such decisions have never been assumed to be in-band and are simply part of deployments.

> I don't see where it does. Where does it say in [SAMLBind] that a
> <NameIdentifier> element is required?

I may be mistaken. Longstanding assumption on my part.

> Same here. I don't see in [SAML2Prof] where the <NameID> element is
> required?

It probably doesn't, most of that text was taken from SAML 1.1 and just repurposed. If it's not in 1.1, it probably isn't in 2.0.

So, in effect, there's your answer...it's acceptable to not include a NameID during SSO, ergo there's your use case. I'd better make sure my code's fully handling that. ;-)

-- Scott
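The SP-side handling this message ends on, as an added example (not part of the original post and not code from any SAML implementation): take the account key from `<NameID>` when present, otherwise from the attribute agreed for the deployment, and fail closed when neither gives exactly one value. The attribute name, issuer and values are constructed, and the assertion's signature, conditions and subject confirmation are assumed to have been validated before this step.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

class NoPrincipalKey(Exception):
    """Assertion carries neither a NameID nor the agreed linking attribute."""

def principal_key(assertion_xml, linking_attribute):
    """Return (source, value) used to look up the local account.

    Assumption: signature, conditions and subject confirmation were already
    checked, and the XML was accepted by a hardened parser upstream.
    """
    root = ET.fromstring(assertion_xml)
    subject = root.find("saml:Subject", NS)
    name_id = subject.find("saml:NameID", NS) if subject is not None else None
    if name_id is not None and (name_id.text or "").strip():
        return ("NameID", name_id.text.strip())
    # No NameID: fall back to the attribute agreed out of band for this IdP.
    values = [
        (v.text or "").strip()
        for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)
        if a.get("Name") == linking_attribute
        for v in a.findall("saml:AttributeValue", NS)
    ]
    values = [v for v in values if v]
    if len(values) != 1:
        # Fail closed: zero or several candidates must never select an account.
        raise NoPrincipalKey(f"{len(values)} values for {linking_attribute!r}")
    return ("Attribute:" + linking_attribute, values[0])

# Constructed sample: a Subject holding only a SubjectConfirmation, no NameID.
NAMEID_LESS = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:example:attr:accountId">
      <saml:AttributeValue>u-1842</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""
```

The returned key should be scoped to the asserting IdP when it is stored or looked up, so the same value from a different issuer does not map to the same account.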