Subject: Re: [saml-dev] SAML2HoKAP question
On Wed, May 20, 2009 at 4:50 AM, Josh Howlett <Josh.Howlett@ja.net> wrote:
>> > Ok. So I assume that the NameID is used by the SAML issuer to name an
>> > intermediate delegate who can wield the assertion as an attesting entity?
>>
>> Yes, but this is just informational. You don't have to do
>> anything special to indirectly authenticate the delegate.
>> It's there in case you don't want to allow delegation (which
>> the condition does a much better job of ensuring, not to
>> mention supporting a chain of delegates).
>
> Ok, I understand now; thank you for the explanation.
>
> Perhaps it's just me being dumb, but the spec might benefit from some
> additional text explaining how the condition should be processed.

Oh, sorry, but the condition Scott speaks of is profiled separately:

http://wiki.oasis-open.org/security/SAML2DelegationCondition

Currently, there's no relationship between the two profiles. Maybe there should be?

Tom