OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: RE: [saml-dev] how service provider authenticate assertion


2008/5/20 Ż <zhanghui_csu@126.com>:
>
> From the SAML standard,I only find that saml:condition need be authenticate.how about SAML authenticate assertion statement,how to authenticate it?  define authenticate rule by myself ,parse xml text to make decision?the same to subject statement.

So it seems you're using the word "authenticate" inappropriately.  (I
realize English is a second language here and you're trying to
articulate the question the best you can.)  Perhaps the word you want
to use is "validate."  You want to validate the SAML assertion,
correct?  If so, the SAML Core spec is pretty clear on that (see
section 2.5).

>        I don't know how to deal with authenticate statement and saml:subject in SP.Does it relate to business requirement rule,not defined in saml standard.

Once the assertion has been determined to be valid, the rest of the
assertion content is taken as is.  Of course the relying party will
apply local policy before taking any action based on the assertion
content.  As you've guessed, policy is not defined in the SAML
standard.

Hope that helps,

Tom


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]