Subject: Re: [security-services-comment] XASP: Permitting use of Subject Alt Names?
Hi Dave,

On Wed, May 14, 2008 at 10:36 AM, Kemp, David P. <DPKemp@missi.ncsc.mil> wrote:
>
> Allowing a certificate as a BaseID would at least provide protocol data
> to enable IdP-internal mapping based on SubjectAltName, so I wouldn't be
> against that. But a standard for nameid-format:X509SubjectAltName would
> be better.

Well, a full certificate makes most sense for the use cases I have in mind, but if subjectAltName is better suited for your purposes, then by all means submit a profile along those lines.

That said, subjectAltName seems problematic in that the format is not well-defined. A subjectAltName can be an e-mail address, a URI, or practically anything with a corresponding OID. I'm not sure how useful such a name identifier would be, but I'll reserve judgment until you've had a chance to be more precise.

Tom