Subject: Re: [saml-dev] SAML2HoKAP question
[This document is in its Public Comment period, so I'm cc'ing the SAML Public Comment list.]

On Tue, May 19, 2009 at 4:20 PM, Josh Howlett <Josh.Howlett@ja.net> wrote:
> SAML2HoKAP states that (section 2.4):
>
> "The <saml:SubjectConfirmation> element MAY contain a <saml:NameID>
> element. If it does, the latter identifies an attesting entity
> different from the subject of the assertion. If the
> <saml:SubjectConfirmation> element does not contain a <saml:NameID>
> element, then the attesting entity and the subject are one and the
> same."
>
> Why would you do this?

Add a <saml:NameID> element to the <saml:SubjectConfirmation> element, you mean? This is useful in cases where the presenter is not the attesting entity. The Shib-uPortal use case is one such example, I think:

https://spaces.internet2.edu/display/ShibuPortal/Home

Scott requested that this requirement be included in the profile, so I'm sure he can provide more detail.

Tom
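The rule quoted from section 2.4 above, as an added example that is not part of the original message or of the SAML2HoKAP document: a relying-party helper that works out, for each holder-of-key confirmation, who the attesting entity is. The function name, the sample assertions and the example.org identifiers are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"

# Constructed, unsigned assertion fragments. A real relying party would verify
# the signature and use a hardened XML parser before reaching this step.
_TEMPLATE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID>alice@example.org</saml:NameID>
    <saml:SubjectConfirmation Method="%s">%s</saml:SubjectConfirmation>
  </saml:Subject>
</saml:Assertion>"""

# Confirmation carries its own NameID: attesting entity differs from subject.
DELEGATED = _TEMPLATE % (HOK, "<saml:NameID>https://portal.example.org/sp</saml:NameID>")
# No NameID in the confirmation: attesting entity and subject are the same.
DIRECT = _TEMPLATE % (HOK, "")


def attesting_entities(assertion_xml):
    """Return [(attesting_entity, differs_from_subject)], one per HoK confirmation."""
    root = ET.fromstring(assertion_xml)
    subject = root.find("saml:Subject", NS)
    if subject is None:
        raise ValueError("assertion has no <saml:Subject>")

    # Direct-child lookup only, so the confirmation's NameID is not mistaken
    # for the subject's identifier.
    subject_id = subject.findtext("saml:NameID", namespaces=NS)
    subject_id = subject_id.strip() if subject_id else None

    results = []
    for conf in subject.findall("saml:SubjectConfirmation", NS):
        if conf.get("Method") != HOK:
            continue  # other confirmation methods are out of scope here
        attester = conf.findtext("saml:NameID", namespaces=NS)
        if attester is None:
            results.append((subject_id, False))
        else:
            results.append((attester.strip(), True))
    return results


if __name__ == "__main__":
    print(attesting_entities(DELEGATED))
    print(attesting_entities(DIRECT))
```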