OASIS Mailing List Archives

security-services message



Subject: issue: description of SubjectConfirmation/KeyInfo (in SAML core) precludes impersonation


676: <ds:KeyInfo> [Optional]
676: An XML Signature [XMLSig] element that provides access to a cryptographic key held by the subject.

The WSS STP attempts to describe a holder-of-key impersonation model, where the entity that confirms knowledge of the key is other than the subject of the assertion.

IMO, the text in SAML core, should be changed to say something like:

676: An XML Signature [XMLSig] element that identifies a cryptographic key that must be demonstrated to satisfy the confirmation method.
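
A relying-party check that follows the proposed wording, as an added example that is not part of the original message or of any OASIS specification. It assumes the SAML 1.x element layout and URNs, assumes the assertion signature and the presenter's proof of possession were already verified by the message-security layer, and uses constructed sample data and a hypothetical function name.

```python
import base64
import xml.etree.ElementTree as ET  # use a hardened XML parser for untrusted input

# Assumed SAML 1.x identifiers; check them against the SAML core version in use.
NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key"

# Constructed stand-ins for DER certificates (not real certificates).
PORTAL_CERT = b"constructed-portal-certificate"
OTHER_CERT = b"constructed-unrelated-certificate"

# Constructed assertion: the subject is alice, the key belongs to a portal.
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}">
 <saml:AuthenticationStatement><saml:Subject>
  <saml:NameIdentifier>alice@example.org</saml:NameIdentifier>
  <saml:SubjectConfirmation>
   <saml:ConfirmationMethod>{HOLDER_OF_KEY}</saml:ConfirmationMethod>
   <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
    {base64.b64encode(PORTAL_CERT).decode()}
   </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
  </saml:SubjectConfirmation>
 </saml:Subject></saml:AuthenticationStatement>
</saml:Assertion>"""


def confirm_holder_of_key(assertion_xml, proven_cert):
    """Return the subject name if proven_cert is the key named in KeyInfo.

    proven_cert is the certificate whose private key the presenter has
    already demonstrated (assumed to be checked by the caller). The subject
    name is reported, never compared with the presenter's identity.
    """
    root = ET.fromstring(assertion_xml)
    for subject in root.iterfind(".//saml:Subject", NS):
        conf = subject.find("saml:SubjectConfirmation", NS)
        if conf is None:
            continue
        methods = [m.text.strip()
                   for m in conf.findall("saml:ConfirmationMethod", NS) if m.text]
        if HOLDER_OF_KEY not in methods:
            continue  # a different confirmation method is not satisfied by a key
        cert = conf.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert is None or not cert.text:
            continue  # holder-of-key without a key cannot be confirmed
        if base64.b64decode(cert.text.strip()) == proven_cert:
            return subject.findtext("saml:NameIdentifier", "", NS).strip()
    return None
```
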




