saml-dev message

Subject: RE: [saml-dev] SAML2HoKAP question

From: "Josh Howlett" <Josh.Howlett@ja.net>
To: "Scott Cantor" <cantor.2@osu.edu>,"Tom Scavo" <trscavo@gmail.com>
Date: Wed, 20 May 2009 09:50:00 +0100

> >  Ok. So I assume that the NameID is used by the SAML issuer 
> to name an 
> > intermediate delegate who can wield the assertion as an 
> attesting entity?
> 
> Yes, but this is just informational. You don't have to do 
> anything special to indirectly authenticate the delegate. 
> It's there in case you don't want to allow delegation (which 
> the condition does a much better job of ensuring, not to 
> mention supporting a chain of delegates).

Ok, I understand now; thank you for the explanation.

Perhaps its just me being dumb, but the spec might benefit from some
additional text explaining how the condition should be processed.

josh.

JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG

Follow-Ups:
- Re: [saml-dev] SAML2HoKAP question
  - From: Tom Scavo <trscavo@gmail.com>

References:
- SAML2HoKAP question
  - From: "Josh Howlett" <Josh.Howlett@ja.net>
- Re: [saml-dev] SAML2HoKAP question
  - From: Tom Scavo <trscavo@gmail.com>
- RE: [saml-dev] SAML2HoKAP question
  - From: "Josh Howlett" <Josh.Howlett@ja.net>
- RE: [saml-dev] SAML2HoKAP question
  - From: "Josh Howlett" <Josh.Howlett@ja.net>
- RE: [saml-dev] SAML2HoKAP question
  - From: "Scott Cantor" <cantor.2@osu.edu>