OASIS Mailing List Archives

saml-dev message


Subject: RE: [saml-dev] NameID-less SAML Subject

> Interesting perspective.  The IdP can't make this decision on its own,
> however, since the SP may require an identifier for account linking.

Which could be (and has been in many cases) an attribute. As I always try
and explain, such decisions have never been assumed to be in-band and are
simply part of deployments.

> I don't see where it does.  Where does it say in [SAMLBind] that a
> <NameIdentifier> element is required?

I may be mistaken. Longstanding assumption on my part.

> Same here.  I don't see in [SAML2Prof] where the <NameID> element is
> required?

It probably doesn't, most of that text was taken from SAML 1.1 and just
repurposed. If it's not in 1.1, it probably isn't in 2.0.

So, in effect, there's your answer...it's acceptable to not include a NameID
during SSO, ergo there's your use case. I'd better make sure my code's fully
handling that. ;-)

-- Scott
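
An added example, not part of the original message or of any project's code: a service provider resolving the account-linking identifier when the Subject carries no NameID, falling back to an attribute agreed on as part of the deployment. The attribute name, the function names and the sample assertions are constructed for illustration, and signature and conditions validation is assumed to have been done before this step.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}
# Hypothetical attribute name; the real one is fixed by deployment agreement.
LINKING_ATTRIBUTE = "urn:example:attribute:accountId"


def resolve_principal(assertion_xml, linking_attribute=LINKING_ATTRIBUTE):
    """Return (source, value) for account linking, or raise ValueError.

    Assumes the assertion's signature and conditions were validated earlier.
    Only <NameID> is handled; <EncryptedID> and <BaseID> are out of scope.
    """
    assertion = ET.fromstring(assertion_xml)
    if assertion.tag != "{%s}Assertion" % SAML:
        raise ValueError("not a SAML 2.0 assertion")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is not None and (name_id.text or "").strip():
        return ("NameID", name_id.text.strip())
    # No NameID: fall back to the agreed attribute, and fail closed unless
    # exactly one non-empty value is present.
    values = []
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == linking_attribute:
            for v in attr.iterfind("saml:AttributeValue", NS):
                if (v.text or "").strip():
                    values.append(v.text.strip())
    if len(values) != 1:
        raise ValueError("no NameID and no single linking attribute value")
    return ("Attribute", values[0])


def _assertion(subject_body, attributes=""):
    # Constructed sample input, not a capture from a real IdP.
    return (
        '<saml:Assertion xmlns:saml="%s" ID="_a1" Version="2.0" '
        'IssueInstant="2024-01-01T00:00:00Z">'
        "<saml:Issuer>https://idp.example.org</saml:Issuer>"
        "<saml:Subject>%s<saml:SubjectConfirmation "
        'Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml:Subject>'
        "%s</saml:Assertion>" % (SAML, subject_body, attributes)
    )


WITH_NAMEID = _assertion("<saml:NameID>alice@example.org</saml:NameID>")
ATTR = ('<saml:AttributeStatement><saml:Attribute Name="%s">'
        "<saml:AttributeValue>acct-1042</saml:AttributeValue>"
        "</saml:Attribute></saml:AttributeStatement>" % LINKING_ATTRIBUTE)
NAMEID_LESS = _assertion("", ATTR)  # Subject holds only SubjectConfirmation
ANONYMOUS = _assertion("")          # neither NameID nor linking attribute
```

Calling `resolve_principal(ANONYMOUS)` raises `ValueError`, so a session that needs a linked account is refused rather than bound to an empty identifier.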
