OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [saml-dev] NameID-less SAML Subject

> Ah, I missed that reference, thanks.  The Web SSO Profile precludes
> this situation (section 4.1.4.1, lines 525--527) so I assume the
> writer(s) of the Core spec had some other use case in mind.

It's a simplification for SSO (and I wanted more of them).

> What about the case where the presenter is not the subject but acting
> on behalf of the subject?  In that case, can you think of an example
> where the NameID is not required?

Probably not, some kind of ID would be needed.

> Suppose I want to query an IdP and identify the subject with an X.509
> certificate (not merely a DN).  I'd be tempted to include the cert in
> a SubjectConfirmation element but the semantics aren't quite right.
> What is the correct way to do this?

Define a BaseID extension for carrying a certificate as an identifier.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]