
security-services-comment message



Subject: Public Comment


Comment from: hmadhavanpillai@rsasecurity.com

Name: Hareedran
Title: Technical Lead
Organization: Hcl Technologies
Regarding Specification: SAML Attribute Sharing Profile for X.509 Authentication-Based Systems

In the 2.2.1 Overview section the spec says: "Principal authentication is accomplished through the presentation of a trusted X.509v3 certificate (that is, the federated credential is a certificate, and not a SAML assertion)".
Even if the principal uses a certificate for authentication, it still uses a SAML assertion. The point is that if the principal uses a certificate for authentication, then in the assertion the <Subject> element will contain a <NameID> with the value of the Subject DN from the principal's X.509v3 certificate and a format with the value of urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName.

The federated credential is still a SAML assertion.
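
Added example, not part of the original comment or of the specification: a receiver-side check that an assertion's <Subject> carries a <NameID> in the X509SubjectName format whose value matches the Subject DN of the certificate the principal presented. The SAML 2.0 assertion namespace, the sample assertion, the DN values and all function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"  # assumption: SAML 2.0 assertion
X509_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"

# Constructed, trimmed assertion (no Issuer, signature or conditions).
SAMPLE = f"""<saml:Assertion xmlns:saml="{SAML_NS}">
  <saml:Subject>
    <saml:NameID Format="{X509_FORMAT}">CN=Alice Example, OU=Users,O=Example Corp,C=US</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""

def split_rdns(dn):
    """Split a DN string on commas, leaving backslash-escaped commas in place."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]      # keep the escaped pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += dn[i]
        i += 1
    parts.append(cur)
    return parts

def normalize_dn(dn):
    """Simplified and strict: trim whitespace, lowercase attribute types only.
    Values and RDN order must match exactly; multi-valued RDNs are not split."""
    out = []
    for rdn in split_rdns(dn):
        typ, _, val = rdn.strip().partition("=")
        out.append((typ.strip().lower(), val.strip()))
    return out

def subject_matches_cert(assertion_xml, cert_subject_dn):
    """True only if the NameID has the X509SubjectName format and equals the cert DN.
    Signature and trust validation of the assertion are out of scope here."""
    root = ET.fromstring(assertion_xml)
    name_id = root.find(f"{{{SAML_NS}}}Subject/{{{SAML_NS}}}NameID")
    if name_id is None or name_id.get("Format") != X509_FORMAT:
        return False
    return normalize_dn(name_id.text or "") == normalize_dn(cert_subject_dn)

if __name__ == "__main__":
    print(subject_matches_cert(SAMPLE, "cn=Alice Example,ou=Users,o=Example Corp,c=US"))
```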


