
saml-dev message


Subject: RE: [saml-dev] holder-of-key subject confirmation

> That's what I meant, sorry, but I don't want to require use of the
> same certificate.  As I tried to outline earlier, the user presents C1
> to the IdP and C2 to the RP (where key(C1) != key(C2)), with the
> additional restriction that the same name is bound to both
> certificates.

Per an email I just sent, I think you also mean the issuer is the same? I
missed that part (and generally assume the opposite). That's a big part of
the equation.

> What I heard from Conor is that
> KeyInfo/X509Data/X509SubjectName is required in this case, and what
> I'm hearing from you is that this needs to be profiled somewhere.  Is
> that a fair summary so far?

Yeah, I think so. Either profiled or you're just assuming that any
implementation can be made to have the behavior you want by setting options,
which is probably a big assumption in this case.

-- Scott
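
The name-based confirmation discussed in this thread, sketched as a relying-party check; this is an added example, not code from the thread or from any SAML implementation. It assumes the assertion signature is already validated and the TLS layer has already proved possession of the key for C2; the function names, the sample XML and the pinned-issuer parameter are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"

# Constructed sample: a holder-of-key confirmation that carries only a name.
SAMPLE = """<saml:SubjectConfirmation
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
  <saml:SubjectConfirmationData>
    <ds:KeyInfo><ds:X509Data>
      <ds:X509SubjectName>CN=Alice Example, O=Example Org, C=US</ds:X509SubjectName>
    </ds:X509Data></ds:KeyInfo>
  </saml:SubjectConfirmationData>
</saml:SubjectConfirmation>"""


def norm_dn(dn):
    """Simplified DN comparison form: case-folded, no space around ',' or '='.
    Assumption: no escaped separators or multi-valued RDNs in the names."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).casefold()


def confirm_by_name(sc_xml, cert_subject, cert_issuer, expected_issuer):
    """True if the certificate presented to the RP (C2) satisfies the
    confirmation by subject name, with the issuer pinned by RP policy."""
    sc = ET.fromstring(sc_xml)
    if sc.get("Method") != HOK:
        return False
    path = "saml:SubjectConfirmationData/ds:KeyInfo/ds:X509Data/ds:X509SubjectName"
    names = [n.text for n in sc.findall(path, NS) if n.text]
    if not names:
        return False  # no name in KeyInfo: this check cannot confirm anything
    if norm_dn(cert_issuer) != norm_dn(expected_issuer):
        return False  # the same name under a different issuer is not the same subject
    return any(norm_dn(cert_subject) == norm_dn(n) for n in names)
```

The issuer comparison is a separate input because the name in KeyInfo says nothing about who issued C2; a deployment would have to fix that by configuration or by a profile.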
