Subject: Re: [security-services] The multiple subject issue
Phill,

> > 3) Let s1 = <Subject><n-i=fred/></Subject> and
> > s2 = <Subject><n-i=fred/><s-c=fred-cert/></Subject> (i.e. s2
> > is s1 with the addition of a SubjectConfirmation). Now, when
> > do I consider s1=s2 and when not? E.g. if I send you an
> > AuthenticationQuery containing s1 and you send me back an
> > assertion containing s2, is that ok? In this case I've no
> > suggested answer, since I don't believe I understand the
> > consequences well enough - maybe someone else does?
>
> You may consider the two to be equivalent for the purposes of the
> assertion only. So for example it is quite likely that you have a
> name-identifier that may be ambiguous.

The above is about as clear as the current spec on this issue
(i.e. not clear enough). I still have no way to know what checks
are supposed to be made by my code, e.g. if I ask an authority for
an authentication assertion for fred and it replies with one about
bill, how can I (write code to) detect that?

Stephen.

--
____________________________________________________________
Stephen Farrell
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,       fax: +353 1 881 7000
Dublin 8.                 mailto:stephen.farrell@baltimore.ie
Ireland                   http://www.baltimore.com
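
Added example, not part of the original message or of the SAML specification: one policy a relying party could adopt for the s1/s2 and fred/bill cases raised above. The SAML 1.x element names, the sample subjects and the policy itself (the name identifier must match exactly; a confirmation may be added but not dropped or changed) are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample subjects using SAML 1.x element names (assumed; the
# email abbreviates them as n-i and s-c).
S1 = "<Subject><NameIdentifier>fred</NameIdentifier></Subject>"
S2 = ("<Subject><NameIdentifier>fred</NameIdentifier><SubjectConfirmation>"
      "<ConfirmationMethod>fred-cert</ConfirmationMethod>"
      "</SubjectConfirmation></Subject>")
BILL = "<Subject><NameIdentifier>bill</NameIdentifier></Subject>"


def _local(tag):
    """Strip any '{namespace}' prefix so prefixed and bare elements compare."""
    return tag.rsplit("}", 1)[-1]


def subject_parts(subject_xml):
    """Return (name identifier, confirmation) in a comparable form."""
    subject = ET.fromstring(subject_xml)
    if _local(subject.tag) != "Subject":
        raise ValueError("not a Subject element")
    names = [e for e in subject if _local(e.tag) == "NameIdentifier"]
    if len(names) != 1:
        raise ValueError("expected exactly one NameIdentifier")
    name = ((names[0].text or "").strip(), tuple(sorted(names[0].attrib.items())))
    conf = tuple((_local(x.tag), (x.text or "").strip())
                 for e in subject if _local(e.tag) == "SubjectConfirmation"
                 for x in e.iter())
    return name, conf


def check_response_subject(query_xml, assertion_xml):
    """Hypothetical relying-party policy: names must match exactly; the
    authority may add a confirmation but may not drop or change one."""
    q_name, q_conf = subject_parts(query_xml)
    a_name, a_conf = subject_parts(assertion_xml)
    if q_name != a_name:
        return False, "name identifier differs from the one queried"
    if q_conf and q_conf != a_conf:
        return False, "confirmation in the query was dropped or changed"
    if a_conf and not q_conf:
        return True, "same name, confirmation added by the authority"
    return True, "identical subject"


if __name__ == "__main__":
    for label, resp in (("s1", S1), ("s2", S2), ("bill", BILL)):
        print(label, check_response_subject(S1, resp))
```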