Subject: RE: RSA SAML Interop info

Good catch – Here are the specific requirements for what it contains:

· The bearer <SubjectConfirmation> element described above MUST contain a <SubjectConfirmationData> element that contains a Recipient attribute containing the service provider's assertion consumer service URL and a NotOnOrAfter attribute that limits the window during which the assertion can be delivered. It MAY contain an Address attribute limiting the client address from which the assertion can be delivered. It MUST NOT contain a NotBefore attribute. If the containing message is in response to an <AuthnRequest>, then the InResponseTo attribute MUST match the request's ID.

I recommend that we NOT try to include the “Address” attributes.

Rob Philpott

From: Thomas Wisniewski [mailto:Thomas.Wisniewski@entrust.com]

Bob, one correction on the doc. Section 5.1, item 3b. The SAML spec requires that the SubjConfData element be there. So s/MUST NOT/MUST or remove this item completely.

Tom.
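
Added example, not part of the original messages: a Python check a service provider could run against the <SubjectConfirmationData> requirements quoted above. The function names, the sample assertion, the URL and the request ID are constructed for illustration; signature validation and the optional Address attribute are out of scope here.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed sample assertion fragment (not taken from the thread).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://sp.example.com/acs"
          NotOnOrAfter="2030-01-01T00:05:00Z" InResponseTo="_req1"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
</saml:Assertion>"""

def _violations(data, acs_url, now, request_id):
    """Check one SubjectConfirmationData element against the quoted rules."""
    if data is None:
        return ["SubjectConfirmationData missing"]
    errors = []
    if data.get("Recipient") != acs_url:
        errors.append("Recipient missing or not the ACS URL")
    expiry = data.get("NotOnOrAfter")
    if expiry is None:
        errors.append("NotOnOrAfter missing")
    elif now >= datetime.fromisoformat(expiry.replace("Z", "+00:00")):
        errors.append("delivery window expired")
    if data.get("NotBefore") is not None:
        errors.append("NotBefore present")
    # InResponseTo is compared only when the response answers an AuthnRequest.
    if request_id is not None and data.get("InResponseTo") != request_id:
        errors.append("InResponseTo does not match request ID")
    return errors

def check_bearer_confirmation(assertion_xml, acs_url, now, request_id=None):
    """Return [] if some bearer confirmation passes, else a list of violations."""
    root = ET.fromstring(assertion_xml)
    results = [_violations(sc.find("saml:SubjectConfirmationData", NS),
                           acs_url, now, request_id)
               for sc in root.iterfind(".//saml:SubjectConfirmation", NS)
               if sc.get("Method") == BEARER]
    if not results:
        return ["no bearer SubjectConfirmation"]
    return [] if [] in results else results[0]

if __name__ == "__main__":
    now = datetime(2030, 1, 1, 0, 0, tzinfo=timezone.utc)
    print(check_bearer_confirmation(SAMPLE, "https://sp.example.com/acs", now, "_req1"))
```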