OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [saml-dev] holder-of-key subject confirmation

On Mon, May 12, 2008 at 6:47 PM, Rich.Levinson <rich.levinson@oracle.com> wrote:
>  The weakness I see here is that it seems to reduce a strong
>  token (saml hok) to the level of a bearer token, because the
>  inherent strength of the hok is not being used.

Not quite, since the IdP binds a name to the assertion, and that name
happens to be the same name bound to the certificate C2 that the RP
trusts.  So there's a linkage between the authentication token (C2)
and the authorization token (signed SAML assertion), not quite as
strong as typical h-o-k, but stronger than bearer, I think.  (I know,
I've used the words "strong" and "stronger" without defining what that
means, so you're welcome to throw stones :)


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]