
security-services message



Subject: RE: New Issues, Authorities and Domains



Hal Lockhart wrote:
> However, the PKIX spec merely provides a number of optional mechanisms
> (e.g. policyAuthority, AAControls) and little guidance for their use.
> In general, Distinguished Names, while certainly making it possible to
> construct names which are globally unique, does make it explicit what
> is name and what is domain. For example, in CN=Hal Lockhart, OU=ASG,
> O=Entegrity Solutions, Inc. it is not clear whether the domain is the
> OU or the O. (This is not a criticism, I know why it was left
> ambiguous.) Contrast this to Kerberos e.g. hal.lockhart@entegrity.com,
> where the domain (realm) is explicit.
>
>

I'm curious, and forgive any ignorance here as I am just coming up to speed with the group: within SAML, how can an Issuer (in the X509 world) be defined as the security domain? In other words, the security domain contains all certificates issued by a particular X509 CA. Could it simply be that the Issuer DN indicates the domain, and the Subject DN indicates the name?

-dan   


