[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services-comment] Re: http://saml.xml.org/news/holder-of-key-web-browser-sso-profile
> I agree that the SPprovidedID seems to be a place, but it doesn't work > well, if you have several ids that you want to process. That is definitely not the right place. Not sure what you think that attribute means, but it isn't that. > The case is that a serviceprovider may use several of the possible > identifiers, an email, a global company id, etc. Then you put them into SAML attributes. > Can't "Additional data that allows the subject to be confirmed" be > interpreted > as 'The subject is confirmed because according to our policy, we were > successfully able to determine the following additional identifiers which > are represented in the form of NameId' which we include in the > SubjectConfirmation" No, not really. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]