OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services-comment] Re: http://saml.xml.org/news/holder-of-key-web-browser-sso-profile

> The introduction could mention something about that an X.509 cert has
> two purpuses:

It's not our job to define the purpose of X.509 certificates, and nobody
would agree if we tried. I certainly don't agree with yours, for example.
There's no such thing as a "global" identity.

> My initial question was for a feature to return additional
> identifier of the "subject" for example in the way outlined below.

That would be an incorrect use of SubjectConfirmation. If you want to pull
something out of the certificate to use as the subject, you can do so, but
do it in the assertion subject, not there.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]