[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Moving subjects up to assertions (disregardfirst reply)
> And... SubjectLocality, in the AuthenticationStatement, kinda relates to > a Subject - which would no longer be present in the statement itself. > Again, that seems a bit strange. Well, SubjectLocality is nominally data about the authentication event. It's definitely at least a cousin of SubjectConfirmation in terms of actual use (checking client addresses during SSO), but I don't know that it doesn't still belong in AuthenticationStatement independent of that use. If we start arguing everything related to a Subject shouldn't be in the statements, it's really arguing to eliminate statements and collapse the data model. I didn't originally push hard for this wholesale optimization for exactly that reason, I saw a slippery slope. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]