OASIS Mailing List Archives

security-services message



Subject: RE: ..the notorious bearer subject..


 
Disagree that absence of authenticator means anything. Might be simply relying on authentication by other unstated mechanism. Might be an attribute assertion. Seems unreasonable to make such a dramatic semantics as 'bearer assertions' the default!
 
If you want a bearer assertion it should be explicitly stated. <Subject><Authenticator><Protocol>BEARER</../../..>
 
Or something
 
        Phill

Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227

-----Original Message-----
From: Tim Moses [mailto:tim.moses@entrust.com]
Sent: Sunday, July 15, 2001 2:51 PM
To: 'security-services@lists.oasis-open.org'
Subject: RE: ..the notorious bearer subject..

Prateek - Now you have me confused.  I think "bearer" tokens are recognizable because their "authenticator" element is missing.  But, surely, the Web Browser profile needs this approach.  The authentication assertion referenced by the artifact is a bearer token.  N'est pas?  Best regards.  Tim.

-----Original Message-----
From: Mishra, Prateek [mailto:pmishra@netegrity.com]
Sent: Friday, July 13, 2001 6:22 PM
To: 'bblakley@tivoli.com'; 'security-services@lists.oasis-open.org'
Subject: ..the notorious bearer subject..


Bob,
 
As part of crunching thru the third f2f
whiteboard draft, we find numerous
references to "bearer" as one possibility
for the subject element in an assertion.
 
Presumably, a bearer assertion
is one that can be simply presented
by whoever is "holding" it
and used without further proof of ownership.
 
(1) How do we model this at the XML-level ---
I assume it is enough to have an element
called <Bearer/> that can appear within the
<Subject> element.
 
(2) Is this really required within SAML?
What use-case did you have in mind?
 
 
- prateek
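
The two readings debated in this thread, side by side, as an added example that is not part of any of the messages or of the SAML drafts: one rule infers "bearer" from a missing authenticator, the other requires it to be stated. Element names follow the sketch in Phill's reply; the `<Name>` element, the `HOLDER-OF-KEY` value and all function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples. Element names follow the sketch in the thread
# (<Subject>, <Authenticator>, <Protocol>); this is not the SAML schema.
# <Name> and the HOLDER-OF-KEY value are hypothetical.
SAMPLES = {
    "explicit_bearer": "<Assertion><Subject><Authenticator>"
                       "<Protocol>BEARER</Protocol>"
                       "</Authenticator></Subject></Assertion>",
    "no_authenticator": "<Assertion><Subject><Name>alice</Name>"
                        "</Subject></Assertion>",
    "other_protocol": "<Assertion><Subject><Authenticator>"
                      "<Protocol>HOLDER-OF-KEY</Protocol>"
                      "</Authenticator></Subject></Assertion>",
}

def stated_protocol(xml_text):
    """Return the protocol named under Subject/Authenticator, or None."""
    # Constructed input only; untrusted XML needs a hardened parser.
    root = ET.fromstring(xml_text)
    node = root.find("./Subject/Authenticator/Protocol")
    if node is None or not (node.text or "").strip():
        return None
    return node.text.strip().upper()

def is_bearer_by_absence(xml_text):
    """Implicit rule: a subject with no authenticator is a bearer token."""
    root = ET.fromstring(xml_text)
    return root.find("./Subject/Authenticator") is None

def is_bearer_explicit(xml_text):
    """Explicit rule: bearer only when the assertion says so."""
    return stated_protocol(xml_text) == "BEARER"

def compare(samples):
    """Map sample name -> (implicit-rule verdict, explicit-rule verdict)."""
    return {name: (is_bearer_by_absence(x), is_bearer_explicit(x))
            for name, x in samples.items()}

if __name__ == "__main__":
    for name, verdicts in compare(SAMPLES).items():
        print(f"{name:18} by_absence={verdicts[0]!s:5} explicit={verdicts[1]}")
```

The `no_authenticator` sample is where the rules diverge in the way the reply objects to: an assertion that merely omits the element is accepted as bearer under the implicit rule and is not under the explicit one.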



