[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] holder-of-key subject confirmation
On Sun, May 11, 2008 at 1:13 PM, Scott Cantor <cantor.2@osu.edu> wrote: > > > OTOH, if the IdP used KeyInfo/X509Data/X509SubjectName to identify the > > subject name of the user and C2 had the same Subject name, presenting > > the message with proof of C2's private key would be considered to meet > > the requirements identified by the IdP. > > In this case, I would claim this is impossible absent other constraints on > the PKI in use. But probably possible in the abstract. Conor's conclusion makes sense to me, but Scott I don't understand your comment. Are you saying you can think of no practical situation where the user would have and use two such certificates, or is there some other point you're trying to make here? Thanks, Tom
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]