Subject: Re: [saml-dev] NameID-less SAML Subject
On Sun, Mar 2, 2008 at 2:51 PM, Scott Cantor <cantor.2@osu.edu> wrote:
>
> > Suppose I want to query an IdP and identify the subject with an X.509
> > certificate (not merely a DN). I'd be tempted to include the cert in
> > a SubjectConfirmation element but the semantics aren't quite right.
> > What is the correct way to do this?
>
> Define a BaseID extension for carrying a certificate as an identifier.

Hmm, how would I use BaseIDAbstractType to define a container for ds:KeyInfo?

<complexType name="KeyIdentifier">
  <complexContent>
    <extension base="saml:BaseIDAbstractType">
      <sequence>
        <element ref="ds:KeyInfo"/>
      </sequence>
    </extension>
  </complexContent>
</complexType>

Did I use BaseIDAbstractType correctly?

Tom