OASIS Mailing List Archives

security-services message



Subject: New Issues, Authorities and Domains


Here are a couple of issues we should think about.

An Assertion is issued by an authority.

Assertions may be signed.

The name of a subject must be qualified to some domain.

Attributes must be qualified by a domain as well.

Nigel's comments in the last concall suggest that resources also need to be
qualified by domain.

1. Stephen has pointed out that there may be a requirement to encrypt, for
example, the user name but not the domain. Therefore they should be in
separate elements. If domains are going to appear all over the place, maybe
we need a general way of having element pairs of domain and "thing in
domain."

2. Should SAML take any position on the relationship between the 1)
Authority, 2) the entity that signed the assertion, and 3) the various
domains scattered throughout the assertion? The contrary view is that it is a
matter for private arrangement among asserting and relying parties.

Hal

