
Subject: [security-services] Proposed Text and Location for HolderOfKey and SenderVouches (NOTE commentary at start)

I have taken the consistent approach that all the confirmation method identifiers are defined outside profiles (the profile just "uses" them) in a new section (section 5). I have generated a single section with the following text. The text for Holder Of Key closely mimics material from [DSIG] to ensure that use of secret or public-private key pair are both included.

5 Confirmation Method Identifiers

5.1.1 Holder Of Key


The element <SubjectConfirmationData> value MUST be a <ds:KeyInfo> element. As described in [DSIG], the <ds:KeyInfo> element holds information that enables an application to obtain a key needed to validate a signature. The subject of the assertion is the party that can demonstrate that it is the holder of the key used to create said signature.

5.1.2 Sender Vouches



Indicates that no other information is available about the context of use of the assertion. The relying party SHOULD utilize other means to determine if it should process the assertion further.

5.1.3 SAML Artifact

The subject of the assertion is the party that can present a SAML artifact, which the relying party MUST use to obtain the assertion from the party that created the artifact. See also Section

5.1.4 Bearer


The subject of the assertion is the bearer of the assertion. See also Section
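
The following is an added example, not part of the original message or of any OASIS text: a relying-party check that dispatches on the confirmation method and enforces the proposed 5.1.1 rule that a Holder Of Key `<SubjectConfirmationData>` value is a `<ds:KeyInfo>` element. The namespace and confirmation method URIs are assumptions taken from the published SAML 1.0 documents rather than from this message, and the function names `check_subject_confirmation` and `sample` are hypothetical; proving possession of the key itself is outside what the block covers.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
CM = "urn:oasis:names:tc:SAML:1.0:cm:"  # assumed URI prefix, not from the message

# Relying-party follow-up for each method, paraphrasing the draft text above.
NEXT_STEP = {
    CM + "holder-of-key": "verify the presenter holds the key named in ds:KeyInfo",
    CM + "sender-vouches": "decide by other means whether to process further",
    CM + "artifact-01": "obtain the assertion from the artifact's creator",
    CM + "bearer": "treat the presenter as the subject",
}

def check_subject_confirmation(xml_text):
    """Return [(method, next_step)]; raise ValueError if a rule is violated."""
    # Constructed inputs only; use a hardened XML parser for untrusted assertions.
    root = ET.fromstring(xml_text)
    results = []
    for sc in root.iter(f"{{{SAML}}}SubjectConfirmation"):
        methods = [(m.text or "").strip()
                   for m in sc.findall(f"{{{SAML}}}ConfirmationMethod")]
        if not methods:
            raise ValueError("SubjectConfirmation without ConfirmationMethod")
        data = sc.find(f"{{{SAML}}}SubjectConfirmationData")
        for method in methods:
            if method not in NEXT_STEP:
                raise ValueError(f"unknown confirmation method: {method!r}")
            if method == CM + "holder-of-key":
                # 5.1.1: the data value MUST be a <ds:KeyInfo> element.
                children = list(data) if data is not None else []
                if len(children) != 1 or children[0].tag != f"{{{DS}}}KeyInfo":
                    raise ValueError("holder-of-key without a single ds:KeyInfo")
            results.append((method, NEXT_STEP[method]))
    return results

def sample(method, data=""):
    """Build a constructed <saml:SubjectConfirmation> for the demo."""
    return (f'<saml:SubjectConfirmation xmlns:saml="{SAML}" xmlns:ds="{DS}">'
            f"<saml:ConfirmationMethod>{CM}{method}</saml:ConfirmationMethod>"
            f"<saml:SubjectConfirmationData>{data}</saml:SubjectConfirmationData>"
            "</saml:SubjectConfirmation>")

if __name__ == "__main__":
    key_info = "<ds:KeyInfo><ds:KeyName>constructed-key</ds:KeyName></ds:KeyInfo>"
    print(check_subject_confirmation(sample("holder-of-key", key_info)))
    try:
        check_subject_confirmation(sample("holder-of-key", "not-a-key"))
    except ValueError as err:
        print("rejected:", err)
```
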







