[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Proposal for assertion-level subjects
> One of the benefits that I was looking forward to with assertion-level > subjects was only having to confirm the subject *once* in the common > case, and I'm not sure how that is impacted by this proposal. > > In the presumably common case that there is one SubjectConfirmation > method that a number of statements share, does this proposal allow an > assertion-level expression of that method? I think that has to be part of the solution, or we lose much of the benefit. In fact, it seems clear to me that Subject as currently defined is really one of two things: An identifier + optional subject confirmation or subject confirmation That suggests that what we're really doing is giving assertions a single subject identifier (via a choice of BaseIdentifier, NameIdentifier, EncryptedIdentifier) and then separating out subject confirmation from that. So Subject per se is gone. My assumption is that SubjectConfirmation itself becomes a sequence of elements, each one containing an optional identifier, a method, and method-dependent data. The sequence would appear both in the assertion (following the subject identifier) and in each statement. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]