Subject: issue: description of SubjectConfirmation/KeyInfo (in SAML core) precludes impersonation
676: <ds:KeyInfo> [Optional]
676: An XML Signature [XMLSig] element that provides access to a cryptographic key held by the subject.

The WSS STP attempts to describe a holder-of-key impersonation model, where the entity that confirms knowledge of the key is other than the subject of the assertion.

IMO, the text in SAML core should be changed to say something like:

676: An XML Signature [XMLSig] element that identifies a cryptographic key that must be demonstrated to satisfy the confirmation method.