security-services-comment message

Subject: Re: [security-services-comment] XASP: Permitting use of Subject Alt Names?


Hi Dave,

On Wed, May 14, 2008 at 10:36 AM, Kemp, David P. <DPKemp@missi.ncsc.mil> wrote:
>
>  Allowing a certificate as a BaseID would at least provide protocol data
>  to enable IdP-internal mapping based on SubjectAltName, so I wouldn't be
>  against that.  But a standard for nameid-format:X509SubjectAltName would
>  be better.

Well, a full certificate makes most sense for the use cases I have in
mind, but if subjectAltName is better suited for your purposes, then
by all means submit a profile along those lines.  That said,
subjectAltName seems problematic in that the format is not
well-defined.  A subjectAltName can be an e-mail address, a URI, or
practically anything with a corresponding OID.  I'm not sure how
useful such a name identifier would be, but I'll reserve judgment
until you've had a chance to be more precise.

Tom
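
Added example, not part of the original message: a minimal DER walker showing how one subjectAltName value can mix several name forms, which is the ambiguity raised in the reply above. The function names are hypothetical, the tag numbers follow the GeneralName definition in RFC 5280, and the sample bytes are constructed, using an OID under the documentation arc 1.3.6.1.4.1.32473.

```python
FORMS = ("otherName", "rfc822Name", "dNSName", "x400Address", "directoryName",  # tags [0]..[8]
         "ediPartyName", "uniformResourceIdentifier", "iPAddress", "registeredID")

def read_tlv(buf, pos):  # -> (tag, value, next_pos) for the DER element at pos
    if pos + 2 > len(buf) or buf[pos] & 0x1F == 0x1F or buf[pos + 1] == 0x80:
        raise ValueError("truncated element, high tag number or indefinite length")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # OID content octets -> dotted notation
    arcs, value = [], 0
    for octet in body:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:
            arcs, value = arcs + [value], 0
    if not arcs or body[-1] & 0x80:
        raise ValueError("malformed OID")
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first, *arcs[1:]]))

def parse_san(der):  # -> [(form, value)] for each GeneralName in a subjectAltName value
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single SEQUENCE")
    names, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag & 0xC0 != 0x80 or tag & 0x1F >= len(FORMS):
            raise ValueError("not a GeneralName choice")
        form = FORMS[tag & 0x1F]
        if form == "otherName":  # identified only by its type-id OID
            oid_tag, oid, _ = read_tlv(value, 0)
            if oid_tag != 0x06:
                raise ValueError("otherName lacks a type-id")
            names.append((form, decode_oid(oid)))
        elif form in ("rfc822Name", "dNSName", "uniformResourceIdentifier"):
            names.append((form, value.decode("ascii")))  # IA5String forms
        else:
            names.append((form, value.hex()))  # left undecoded in this example
    return names

# Constructed sample (not from a real certificate): rfc822Name, URI and one otherName.
SAMPLE_SAN = (b"\x30\x46\x81\x10user@example.org\x86\x1ehttps://idp.example.org/u/user"
              b"\xa0\x12\x06\x09\x2b\x06\x01\x04\x01\x81\xfd\x59\x01\xa0\x05\x0c\x03usr")
```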
