OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Additional comments on core-02

Scott Cantor wrote on 11/1/2004, 11:32 AM:

 > > If this is what was meant, does this imply that when there is a name
 > > identifier, the entity that satisfies the subject confirmation
 > cannot be
 > > treated as the entity that
 > > the authority associates with the claims in the assertion?
 > That's certainly not my intent. Rob?

The statements in the assertion are about the name identifier.  The
subject confirmation is about who can present the assertion.   The
name identifier may be the name for the entity that can do the
confirmation (in which case the statements also happen to be about
the confirming entity since that entity is in the name identifer).

Statements are about a subject.  Subject confirmation is about who
can confirm the subject (and hence, present the assertion).   In
order for statements to be about the confirmer, the subject must
also specify the confirmer.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]