OASIS Mailing List Archives

saml-dev message



Subject: Re: [saml-dev] NameID-less SAML Subject


On Wed, Mar 5, 2008 at 1:05 PM, Ari Kermaier <ari.kermaier@oracle.com> wrote:
> If an Assertion in the response to an AuthnRequest does not contain a NameID in the Subject, what is the meaning of the SubjectConfirmation, in the context of SSO profiles?

I think the conclusion is that bearer SubjectConfirmation doesn't
strictly require a NameID.

> The language in [SAMLCore] and in [SAMLProf], particularly as amended in the approved errata E47, speaks of the Subject as if it's the NameID:
>
>  "If an assertion is issued for use by an entity other than the subject, then that entity SHOULD be
>  identified in the <SubjectConfirmation> element."
>
>  What would "other than the subject" mean in the above?

The SP.  See section 3.3 in [SAMLProf] for an example.

Tom
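
Added example, not part of the original message or of any SAML library: an SP-side check of a NameID-less Subject, where the SP is identified by the Recipient attribute of the bearer SubjectConfirmationData. The function names, the sample assertion and the example.org/example.com values are constructed for illustration, and signature verification is assumed to have happened already.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed sample: a Subject with no NameID, only a bearer confirmation.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2008-03-05T18:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://sp.example.com/acs"
          NotOnOrAfter="2008-03-05T18:05:00Z" InResponseTo="_req42"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
</saml:Assertion>"""


def parse_time(value):
    # Assumption: UTC timestamps without fractional seconds, as in SAMPLE.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_bearer_subject(xml_text, acs_url, request_id, now):
    """Return (ok, has_name_id, reason); signature checks are assumed done elsewhere."""
    subject = ET.fromstring(xml_text).find("saml:Subject", NS)
    if subject is None:
        return False, False, "no Subject"
    has_name_id = subject.find("saml:NameID", NS) is not None
    reason = "no bearer SubjectConfirmation"
    for conf in subject.findall("saml:SubjectConfirmation", NS):
        if conf.get("Method") != BEARER:
            continue
        data = conf.find("saml:SubjectConfirmationData", NS)
        if data is None:
            reason = "bearer confirmation without SubjectConfirmationData"
            continue
        expiry = data.get("NotOnOrAfter")
        if data.get("Recipient") != acs_url:
            reason = "Recipient is not this SP"
        elif data.get("InResponseTo") != request_id:
            reason = "InResponseTo does not match our request"
        elif not expiry or now >= parse_time(expiry):
            reason = "confirmation expired or missing NotOnOrAfter"
        else:
            return True, has_name_id, "ok"
    return False, has_name_id, reason
```

The result reports the missing NameID separately from the bearer checks, so the SP can decide on its own policy whether an assertion without an identifier is usable.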

