Subject: RE: [saml-dev] NameID-less SAML Subject
> Ah, I missed that reference, thanks. The Web SSO Profile precludes
> this situation (section 4.1.4.1, lines 525--527) so I assume the
> writer(s) of the Core spec had some other use case in mind.

It's a simplification for SSO (and I wanted more of them).

> What about the case where the presenter is not the subject but acting
> on behalf of the subject? In that case, can you think of an example
> where the NameID is not required?

Probably not, some kind of ID would be needed.

> Suppose I want to query an IdP and identify the subject with an X.509
> certificate (not merely a DN). I'd be tempted to include the cert in
> a SubjectConfirmation element but the semantics aren't quite right.
> What is the correct way to do this?

Define a BaseID extension for carrying a certificate as an identifier.

-- Scott
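
An added illustration of the BaseID extension suggested in the message above (not code from the original post or from the SAML specifications): a receiver-side check in Python that accepts a Subject whose saml:BaseID is typed through xsi:type and extracts the certificate it carries. The extension namespace urn:example:saml:ext:x509id, the type name X509CertificateIDType, the choice of ds:X509Data as its content, and the sample bytes are all assumptions made for the example.

```python
import base64
import io
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
DS = "http://www.w3.org/2000/09/xmldsig#"
EXT = "urn:example:saml:ext:x509id"        # hypothetical extension namespace
EXT_TYPE = (EXT, "X509CertificateIDType")  # hypothetical BaseIDAbstractType extension

# Constructed sample: placeholder bytes stand in for a DER-encoded certificate.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_SUBJECT = f"""<saml:Subject xmlns:saml="{SAML}" xmlns:xsi="{XSI}"
    xmlns:ds="{DS}" xmlns:x509id="{EXT}">
  <saml:BaseID xsi:type="x509id:X509CertificateIDType">
    <ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(SAMPLE_DER).decode()}</ds:X509Certificate>
    </ds:X509Data>
  </saml:BaseID>
</saml:Subject>"""


def certificate_from_subject(xml_text):
    """Return the bytes carried in the BaseID extension; ValueError if absent or mistyped."""
    scopes = []  # in-scope (prefix, uri) bindings, innermost last
    source = io.BytesIO(xml_text.encode("utf-8"))
    for event, item in ET.iterparse(source, events=("start-ns", "end-ns", "end")):
        if event == "start-ns":
            scopes.append(item)
        elif event == "end-ns":
            scopes.pop()
        elif item.tag == f"{{{SAML}}}BaseID":
            # xsi:type is a QName: resolve its prefix against the bindings in
            # scope here, never by comparing the prefix string itself.
            prefix, _, local = item.get(f"{{{XSI}}}type", "").rpartition(":")
            uri = next((u for p, u in reversed(scopes) if p == prefix), None)
            if (uri, local) != EXT_TYPE:
                raise ValueError("unsupported BaseID type")
            cert = item.find(f"{{{DS}}}X509Data/{{{DS}}}X509Certificate")
            if cert is None or not cert.text:
                raise ValueError("BaseID carries no certificate")
            return base64.b64decode("".join(cert.text.split()), validate=True)
    raise ValueError("Subject has no BaseID")
```

The returned bytes only identify which subject is being asked about; they say nothing about who sent the request, which is the semantic difference from SubjectConfirmation raised in the question.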