OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: [security-services] The multiple subject issue


> > 3) Let s1 = <Subject><n-i=fred/></Subject> and
> > s2 = <Subject><n-i=fred/><s-c=fred-cert/></Subject> (i.e. s2
> > is s1 with the addition of a SubjectConfirmation). Now, when
> > do I consider s1=s2 and when not? E.g. if I send you an
> > AuthenticationQuery containing s1 and you send me back an
> > assertion containing s2, is that ok? In this case I've no
> > suggested answer, since I don't believe I understand the
> > consequences well enough - maybe someone else does?
> You may consider the two to be equivalent for the purposes of the
> assertion only. So for example it is quite likely that you have a
> name-identifier that may be ambiguous.

The above is about as clear as the current spec on this issue
(i.e. not clear enough). I still have no way to know what checks 
are supposed to be made by my code, e.g. if I ask an authority 
for an authentication assertion for fred and it replies with 
one about bill, how can I (write code to) detect that?


Stephen Farrell         				   
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,                     fax: +353 1 881 7000
Dublin 8.                mailto:stephen.farrell@baltimore.ie
Ireland                             http://www.baltimore.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC