Subject: RE: [saml-dev] holder-of-key subject confirmation
> That's what I meant, sorry, but I don't want to require use of the
> same certificate. As I tried to outline earlier, the user presents C1
> to the IdP and C2 to the RP (where key(C1) != key(C2)), with the
> additional restriction that the same name is bound to both
> certificates.

Per an email I just sent, I think you also mean the issuer is the same? I missed that part (and generally assume the opposite). That's a big part of the equation.

> What I heard from Conor is that
> KeyInfo/X509Data/X509SubjectName is required in this case, and what
> I'm hearing from you is that this needs to be profiled somewhere. Is
> that a fair summary so far?

Yeah, I think so. Either profiled or you're just assuming that any implementation can be made to have the behavior you want by setting options, which is probably a big assumption in this case.

-- Scott
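The name-based check discussed in this message, as an added example that is not part of the original post or of any SAML implementation: a relying party compares the subject of the certificate presented to it (C2) with the X509SubjectName in a holder-of-key confirmation, and also requires the issuer it expects. The function names, the `expected_issuer` setting, the simplified DN comparison and the sample XML are assumptions made for illustration; the assertion signature, C2's chain and proof of possession are assumed to be verified already.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"

# Constructed sample: holder-of-key confirmation that names a subject, not a key.
SAMPLE = """<saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
    <saml:SubjectConfirmationData><ds:KeyInfo><ds:X509Data>
      <ds:X509SubjectName>CN=Alice Example, O=Example Org, C=US</ds:X509SubjectName>
    </ds:X509Data></ds:KeyInfo></saml:SubjectConfirmationData>
  </saml:SubjectConfirmation>
</saml:Subject>"""


def normalize_dn(dn):
    """Split a DN on unescaped commas; upper-case types, case-fold values."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN: %r" % part)
        rdns.append((attr.strip().upper(), " ".join(value.split()).casefold()))
    return tuple(rdns)


def hok_subject_names(subject_xml):
    """X509SubjectName values found under holder-of-key confirmations only."""
    root = ET.fromstring(subject_xml)
    names = []
    for sc in root.findall("saml:SubjectConfirmation", NS):
        if sc.get("Method") != HOK:
            continue  # bearer and other methods do not bind a certificate
        for el in sc.findall(".//ds:X509Data/ds:X509SubjectName", NS):
            if el.text and el.text.strip():
                names.append(el.text.strip())
    return names


def confirm_by_name(subject_xml, cert_subject, cert_issuer, expected_issuer):
    """Accept C2 only if its issuer is the expected CA and its subject is confirmed."""
    if normalize_dn(cert_issuer) != normalize_dn(expected_issuer):
        return False  # same name from a different issuer is a different binding
    presented = normalize_dn(cert_subject)
    return any(normalize_dn(n) == presented
               for n in hok_subject_names(subject_xml))
```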