OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: [security-services] FW: [security-bindings] Multiple authnassertions in one Browser Artifact Profile exchange?

Hi Prateek,

I'm a bit confused by these paragraphs.

I think some examples of context sensitive comparison 
operations on <Subject> elements will clarify this. 
By context specific I mean e.g. illustrating how to 
compare the Subject element in an attribute assertion 
against a Subject in an AuthN assertion.

Can someone confidently provide some such examples?

> We have a clear interpretation of multiple statements and
> multiple assertions in our specification. The RP must
> consider all of the assertions and statements as
> conjunctively describing the system entity.

"conjunctively" meaning "and", right? That'd imply for 
example, that the RP treats an attribute assertion as 
being about the set of included AuthN assertions and 
as not being about any of the members of the set of
included AuthN assertions.

> Generally speaking the RP's attitude should be to find
> the information it requires amongst the plurality of
> information and make its judgement. If there are multiple
> AuthN statements, well, it can pick out the pieces
> it needs and render its decision.

This seems to me to be saying the opposite of the above.


Stephen Farrell         				   
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,                     fax: +353 1 881 7000
Dublin 8.                mailto:stephen.farrell@baltimore.ie
Ireland                             http://www.baltimore.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC