saml-dev message

Subject: Re: [saml-dev] SAML2HoKAP question


[This document is in its Public Comment period, so I'm cc'ing the SAML
Public Comment list.]

On Tue, May 19, 2009 at 4:20 PM, Josh Howlett <Josh.Howlett@ja.net> wrote:
> SAML2HoKAP states that (section 2.4):
>
> "The <saml:SubjectConfirmation> element MAY contain a <saml:NameID>
> element.  If it does, the latter identifies an attesting entity
> different from the subject of the assertion.  If the
> <saml:SubjectConfirmation> element does not contain a <saml:NameID>
> element, then the attesting entity and the subject are one and the
> same."
>
> Why would you do this?

Add a <saml:NameID> element to the <saml:SubjectConfirmation> element,
you mean?  This is useful in cases where the presenter is not the
attesting entity.  The Shib-uPortal use case is one such example, I
think:

https://spaces.internet2.edu/display/ShibuPortal/Home

Scott requested that this requirement be included in the profile, so
I'm sure he can provide more detail.

Tom
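
The rule quoted from section 2.4, as an added example that is not part of the original message or of the profile: a relying-party check that resolves who the attesting entity is for each holder-of-key confirmation. The sample subjects, the function name and the example.org identifiers are constructed for illustration; signature validation and the key material in `<saml:SubjectConfirmationData>` are assumed to be handled elsewhere and are omitted from the samples.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}
HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"

# Constructed sample: no NameID inside SubjectConfirmation,
# so the subject itself is the attesting entity.
DIRECT = f"""<saml:Subject xmlns:saml="{SAML}">
  <saml:NameID>alice@example.org</saml:NameID>
  <saml:SubjectConfirmation Method="{HOK}"/>
</saml:Subject>"""

# Constructed sample: a NameID inside SubjectConfirmation names an
# attesting entity different from the subject (e.g. a portal).
DELEGATED = f"""<saml:Subject xmlns:saml="{SAML}">
  <saml:NameID>alice@example.org</saml:NameID>
  <saml:SubjectConfirmation Method="{HOK}">
    <saml:NameID>https://portal.example.org/sp</saml:NameID>
  </saml:SubjectConfirmation>
</saml:Subject>"""


def attesting_entities(subject_xml):
    """Return [(attesting_entity, is_subject)] per holder-of-key confirmation.

    Hypothetical helper. Input is assumed to come from an assertion whose
    signature has already been verified; for untrusted XML use a hardened
    parser rather than the standard-library one.
    """
    subject = ET.fromstring(subject_xml)
    # Direct child only: the subject's own identifier, not a nested one.
    subject_id = subject.findtext("saml:NameID", namespaces=NS)
    if subject_id is not None:
        subject_id = subject_id.strip()
    results = []
    for sc in subject.findall("saml:SubjectConfirmation", NS):
        if sc.get("Method") != HOK:
            continue  # other confirmation methods are out of scope here
        attester = sc.findtext("saml:NameID", namespaces=NS)
        if attester is None:
            # No NameID: attesting entity and subject are one and the same.
            results.append((subject_id, True))
        else:
            # NameID present: it identifies the attesting entity.
            results.append((attester.strip(), False))
    return results
```

A relying party would compare the returned attesting entity, not the subject, against the identity bound to the presented key.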

