Subject: RE: Use of Assertion Specifier was: Multiple subjects in SAML assertions
> While I'm debating the content of the <Subject> element, I also dislike the
> <AssertionSpecifier> element. The intended semantics of this element are:
> The assertion containing the <AssertionSpecifier> subject element applies to
> exactly the same subject as the assertion referred to by the
> <AssertionSpecifier>. If this is really what we want, why not just copy the
> <Subject> element from the referent into the new assertion, rather than
> putting in the <AssertionSpecifier>. With the existing schema and semantics,
> we're forcing the relying party to find the other assertion just to copy its
> <Subject>.
>
> The other reason I don't like <AssertionSpecifier> is that it will confuse
> people into thinking that one assertion can have another assertion as its
> subject, rather than our intended "copy-the-subject" semantics.

There is a discussion of some of the possible reasons for using Assertion Specifier in the Issues List under [DS-1-04: AssnSpecifiesSubject].

I think the issue of incorrect interpretation of SAML Assertions applies to many features, not just this one. I expect the specification to clearly document the semantics of various assertion elements and relying parties who make up their own do so at their own risk.

Hal