Re: [saml-dev] holder-of-key subject confirmation

["Tom Scavo" <trscavo@gmail.com>]

On Sun, May 11, 2008 at 1:13 PM, Scott Cantor <cantor.2@osu.edu> wrote:
>
>  > OTOH, if the IdP used KeyInfo/X509Data/X509SubjectName to identify the
>  > subject name of the user and C2 had the same Subject name, presenting
>  > the message with proof of C2's private key would be considered to meet
>  > the requirements identified by the IdP.
>
>  In this case, I would claim this is impossible absent other constraints on
>  the PKI in use. But probably possible in the abstract.

Conor's conclusion makes sense to me, but Scott I don't understand
your comment.  Are you saying you can think of no practical situation
where the user would have and use two such certificates, or is there
some other point you're trying to make here?

Thanks,
Tom