[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] NameID-less SAML Subject
On Wed, Mar 5, 2008 at 1:05 PM, Ari Kermaier <ari.kermaier@oracle.com> wrote: > If an Assertion in the response to an AuthnRequest does not contain a NameID in the Subject, what is the meaning of the SubjectConfirmation, in the context of SSO profiles? I think the conclusion is that bearer SubjectConfirmation doesn't strictly require a NameID. > The language in [SAMLCore] and in [SAMLProf], particularly as amended in the approved errata E47, speaks of the Subject as if it's the NameID: > > "If an assertion is issued for use by an entity other than the subject, then that entity SHOULD be > identified in the <SubjectConfirmation> element." > > What would "other than the subject" mean in the above? The SP. See section 3.3 in [SAMLProf] for an example. Tom
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]