security-services-comment message

Subject: RE: [security-services-comment] Re: http://saml.xml.org/news/holder-of-key-web-browser-sso-profile

From: "Scott Cantor" <cantor.2@osu.edu>
To: "'Peter Sylvester'" <Peter.Sylvester@edelweb.fr>
Date: Wed, 19 Nov 2008 14:01:13 -0500

> The introduction could mention something about that an X.509 cert has
> two purpuses:

It's not our job to define the purpose of X.509 certificates, and nobody
would agree if we tried. I certainly don't agree with yours, for example.
There's no such thing as a "global" identity.

> My initial question was for a feature to return additional
> identifier of the "subject" for example in the way outlined below.

That would be an incorrect use of SubjectConfirmation. If you want to pull
something out of the certificate to use as the subject, you can do so, but
do it in the assertion subject, not there.

-- Scott

Follow-Ups:
- Re: [security-services-comment] Re: http://saml.xml.org/news/holder-of-key-web-browser-sso-profile
  - From: Peter Sylvester <Peter.Sylvester@edelweb.fr>

References:
- Re: http://saml.xml.org/news/holder-of-key-web-browser-sso-profile
  - From: "Tom Scavo" <trscavo@gmail.com>
- Re: http://saml.xml.org/news/holder-of-key-web-browser-sso-profile
  - From: "Tom Scavo" <trscavo@gmail.com>