
security-services message


Subject: RE: [security-services] Proposal for assertion-level subjects

> One of the benefits that I was looking forward to with assertion-level  
> subjects was only having to confirm the subject *once* in the common  
> case, and I'm not sure how that is impacted by this proposal.
> In the presumably common case that there is one SubjectConfirmation  
> method that a number of statements share, does this proposal allow an  
> assertion-level expression of that method?

I think that has to be part of the solution, or we lose much of the benefit.

In fact, it seems clear to me that Subject as currently defined is really
one of two things:

	An identifier + optional subject confirmation
	subject confirmation

That suggests that what we're really doing is giving assertions a single
subject identifier (via a choice of BaseIdentifier, NameIdentifier,
EncryptedIdentifier) and then separating out subject confirmation from that.
So Subject per se is gone.

My assumption is that SubjectConfirmation itself becomes a sequence of
elements, each one containing an optional identifier, a method, and
method-dependent data.

The sequence would appear both in the assertion (following the subject
identifier) and in each statement.

-- Scott
