
saml-dev message



Subject: RE: [saml-dev] SAML2HoKAP question


> On Tue, May 19, 2009 at 4:20 PM, Josh Howlett 
> <Josh.Howlett@ja.net> wrote:
> > SAML2HoKAP states that (section 2.4):
> >
> > "The <saml:SubjectConfirmation> element MAY contain a <saml:NameID> 
> > element.  If it does, the latter identifies an attesting entity 
> > different from the subject of the assertion.  If the 
> > <saml:SubjectConfirmation> element does not contain a <saml:NameID> 
> > element, then the attesting entity and the subject are one and the 
> > same."
> >
> > Why would you do this?
> 
> Add a <saml:NameID> element to the <saml:SubjectConfirmation> 
> element, you mean?  This is useful in cases where the 
> presenter is not the attesting entity.

How does attestation happen in this case, where the presenter is not the attesting entity?

I don't understand how the attesting entity gets to demonstrate possession of the private key (section 2.5) if it is not the presenter?

Confused, josh.

JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG


