[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] A browser/POST question...
The section is 4.1.2.5, line 743 of the 1.0 B&P document. Current text reads: "The <saml:ConfirmationMethod> element of each assertion MUST be set to urn:oasis:names:tc:SAML:1.0:cm:bearer." That text is actually a little muddled. I suggest a clarifying edit to read: Each statement subject included in the response MUST include a <saml:ConfirmationMethod> element of urn:oasis:names:tc:SAML:1.0:cm:bearer." Then we can add: "<saml:SubjectConfirmationData> SHOULD NOT be included." -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]