saml-dev message

Subject: RE: [saml-dev] Front-channel AttributeQuery Profile

Tom Scavo wrote on 2009-11-11:
> As far as I understand his comment, Andreas is correct. S1 can have
> any NameID whatsoever, as long as it has every NameID that S2 has.

There's only one NameID in the Subject, so I'm not sure what case you're
thinking of. He was suggesting that a request would have no NameID and the
assertion would have one. That won't fly (at least in terms of the letter of
the spec).

I think the use case is met by identifying the subject in the query as a
bearer confirmation, and doing the same in the assertion. For the reasons I
mentioned, there're things I don't like about that idea, but it's reasonable
for this use case, given that what you're after are attributes anyway.

-- Scott
