[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] SAML Holder of Key Profile
Brett Beaumont wrote on 2009-01-14:
> 1. Can I still have a NameID element in the SubjectConfirmation element?
I would want that option, so +1 to that.
> 2. Lines 190 - 191: It is assumed that both the SAML issuer and the
relying
> party each possess an X.509 certificate that is known to be associated
with
> the subject of the assertion.
>
> My understanding was that the SAML Issuer must possess an X.509 cert known
> to be associated with the subject (or intended attesting party), but the
RP
> does not.
Also my understanding for the reason you identified. HoK at its most basic
is a SAML-based replacement for existing certificate or key evaluation
methodologies.
-- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]