Subject: RE: [security-services] Proposed clean up on subject text
> > I also think we should call out what it means if there are no
> > confirmations in the <Subject> (e.g. it is considered confirmed
> > by presentation).
>
> I thought no confirmation was equivalent to "unspecified", rather than
> "bearer" (but I agree, we could say this).

[RSP] I agree with Scott. Parties could potentially agree on out-of-band mechanisms of confirmation that aren't conveyed in the assertion subject. The OOB mechanism could be something other than bearer. Lacking an OOB agreement, I agree that bearer would probably be the default.

> I still wouldn't mind adding a small subphrase about the claims:
>
> "the relying party can treat the entity presenting the assertion as an
> entity that the SAML authority has associated with the entity identified in
> the name identifier and associated with the claims in the assertion (which
> may or may not be the same entity)."

[RSP] Four uses of the word "entity" make this a bit confusing, especially since the referenced entities are not always referring to the same entity.