OASIS Mailing List Archives
security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [security-services] Proposed clean up on subject text


> I also think we should call out what it means if there are no
> confirmations in the <Subject> (e.g. it is considered confirmed
> by presentation).

I thought no confirmation was equivalent to "unspecified", rather than
"bearer" (but I agree, we could say this).
> How about something along the lines of:
> 
>     A <Subject> element can contain both an identifier and zero
>     or more subject confirmations which a relying party can verify
>     when processing an assertion.  If there are no subject
>     confirmations, or if any one of the listed subject confirmations
>     are verified, the relying party can treat the entity presenting
>     the assertion as an entity that the SAML authority has
>     associated with the entity identified in the name identifier
>     (which may or may not be the same entity).
> 
> I don't think we need to bring in the claims at this point. The claims
> are always about the name identifier (if present).

I still wouldn't mind adding a small subphrase about the claims:

"the relying party can treat the entity presenting the assertion as an
entity that the SAML authority has associated with the entity identified in
the name identifier and associated with the claims in the assertion (which
may or may not be the same entity)."

Apart from that and the note above about what zero confirmations means
(obviously we should figure that out ;-) I can live with this.

-- Scott
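The processing rule quoted above ("if there are no subject confirmations, or if any one of the listed subject confirmations are verified, the relying party can treat the entity presenting the assertion as ...") can be read as a small decision procedure. The following is an added example of how a relying party might implement it; it is not code from this thread, from the OASIS SSTC, or from any SAML specification. It assumes the SAML 2.0 assertion namespace, the bearer confirmation-method URI, and the `SubjectConfirmationData` attributes (`NotOnOrAfter`, `Recipient`, `InResponseTo`, `Address`), which are not discussed in the message itself; the sample `<Subject>` XML, the NameID, the timestamps and the `PRESENTER` context are all constructed. The open question in the thread, what zero confirmations means, is deliberately left as the `accept_unconfirmed` parameter rather than decided here.

```python
# Added example (not from the thread or any SAML spec text): a relying party's
# evaluation of a SAML <Subject>. The presenter may be treated as associated
# with the NameID if at least one listed SubjectConfirmation verifies.
# Namespace and method URIs are SAML 2.0 values assumed here; the sample XML,
# NameID, timestamps and presenter context below are constructed.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"


def _q(tag):
    # Clark-notation qualified tag name for ElementTree lookups.
    return "{%s}%s" % (SAML_NS, tag)


def _parse_time(value):
    # SAML timestamps are UTC ISO 8601 ending in "Z"; older fromisoformat()
    # implementations reject the "Z" suffix, so normalise it first.
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    return datetime.fromisoformat(value)


def _verify_confirmation(sc, presenter, now):
    """Check one <SubjectConfirmation> against the presentation context.

    Only the bearer method is implemented; any other method fails closed.
    Returns (verified, reason)."""
    method = sc.get("Method")
    if method != BEARER:
        return False, "unsupported confirmation method %r" % method
    data = sc.find(_q("SubjectConfirmationData"))
    if data is None:
        return True, "bearer confirmation without constraints"
    not_on_or_after = data.get("NotOnOrAfter")
    if not_on_or_after and now >= _parse_time(not_on_or_after):
        return False, "confirmation expired"
    if data.get("Recipient") and data.get("Recipient") != presenter.get("recipient"):
        return False, "Recipient does not match this endpoint"
    if data.get("InResponseTo") and data.get("InResponseTo") != presenter.get("in_response_to"):
        return False, "InResponseTo does not match an outstanding request"
    if data.get("Address") and data.get("Address") != presenter.get("address"):
        return False, "Address does not match presenter"
    return True, "bearer confirmation verified"


def evaluate_subject(subject_xml, presenter, now, accept_unconfirmed=False):
    """Return (associated, reason, name_id) for a <Subject> element.

    accept_unconfirmed encodes the open question in the thread: whether a
    <Subject> with zero confirmations is 'confirmed by presentation' (True)
    or 'unspecified', which this example treats as not confirmed (False)."""
    root = ET.fromstring(subject_xml)
    if root.tag != _q("Subject"):
        raise ValueError("expected a saml:Subject element")
    nid = root.find(_q("NameID"))
    name_id = nid.text.strip() if nid is not None and nid.text else None
    confirmations = root.findall(_q("SubjectConfirmation"))
    if not confirmations:
        return accept_unconfirmed, "no subject confirmations present", name_id
    reasons = []
    for sc in confirmations:
        ok, why = _verify_confirmation(sc, presenter, now)
        if ok:
            return True, why, name_id  # any one verified confirmation suffices
        reasons.append(why)
    return False, "; ".join(reasons), name_id


# Constructed sample input: one subject with a bearer confirmation bound to a
# recipient endpoint and an expiry, and one with no confirmations at all.
SUBJECT_BEARER = """<saml:Subject xmlns:saml="%s">
  <saml:NameID>alice@example.org</saml:NameID>
  <saml:SubjectConfirmation Method="%s">
    <saml:SubjectConfirmationData NotOnOrAfter="2024-01-01T00:05:00Z"
        Recipient="https://sp.example.org/acs"/>
  </saml:SubjectConfirmation>
</saml:Subject>""" % (SAML_NS, BEARER)

SUBJECT_UNCONFIRMED = """<saml:Subject xmlns:saml="%s">
  <saml:NameID>alice@example.org</saml:NameID>
</saml:Subject>""" % SAML_NS

PRESENTER = {"recipient": "https://sp.example.org/acs"}  # constructed context
NOW = datetime(2024, 1, 1, 0, 0, 0, tzinfo=timezone.utc)  # constructed clock

if __name__ == "__main__":
    print(evaluate_subject(SUBJECT_BEARER, PRESENTER, NOW))
    print(evaluate_subject(SUBJECT_UNCONFIRMED, PRESENTER, NOW))
    print(evaluate_subject(SUBJECT_UNCONFIRMED, PRESENTER, NOW, accept_unconfirmed=True))
```

Two design points follow from the wording under discussion. First, the confirmations are combined with OR semantics, so the loop returns on the first one that verifies and only reports all failure reasons when none does. Second, because the thread has not settled whether zero confirmations means "bearer" or "unspecified", the default here fails closed; a deployment that adopts the "confirmed by presentation" reading flips `accept_unconfirmed`, and that choice is then visible in one place rather than implied by a missing element.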
