[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: SAML1.0 BAP Spec Question
Hi Terry, > -----Original Message----- > From: Terry McBride [mailto:terry@enspier.com] > Sent: Thursday, May 27, 2004 2:34 PM > To: security-services-comment@lists.oasis-open.org > Cc: Philpott, Robert > Subject: SAML1.0 BAP Spec Question > > Hello, > > I have a question about SAML1.0 BAP. > > The "Assertions and Protocol" document allows the <Subject> of a > Statement to contain either <NameIdentifier>, <SubjectConfirmation>, or > both. > > In the "Bindings and Profiles" document the <ConfirmationMethod> seems > to be required for the artifact profile. Is it truly required or is it > the required Confirmation Method when a <SubjectConfirmation> element is > present? [Rob] When using BAP, the <Subject> element in the assertion statement(s) returned in response to the <ArtifactRequest> must contain a <SubjectConfirmation> element with a child <ConfirmationMethod> element set to the urn:...:artifact-01 identifier. Note that NO <ConfirmationData> should be present. > > The Bindings section I'm referring to is below: > > 4.1.1.1 Required Information > > Identification: urn:oasis:names:tc:SAML:1.0:profiles:artifact-01 > > Contact information: security-services-comment@lists.oasis-open.org > > The following identifier has been assigned to this confirmation method: > > urn:oasis:names:tc:SAML:1.0:cm:artifact-01 > > ... > > 4.1.1.6 Steps 4 and 5: Acquiring the Corresponding Assertions > ... > 527 The <saml:ConfirmationMethod> element of each assertion MUST be set > to > 528 urn:oasis:names:tc:SAML:1.0:cm:artifact-01. > > > > Thank you, > > Terry McBride > www.enspier.com >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]