OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Proposed clean up on subject text

> > I also think we should call out what it means if there are no
> > confirmations in the <Subject> (e.g. it is considered confirmed
> > by presentation).
> I thought no confirmation was equivalent to "unspecified", rather than
> "bearer" (but I agree, we could say this).
[RSP] I agree with Scott.  Parties could potentially agree on
out-of-band mechanisms of confirmation that aren't conveyed in the
assertion subject.  The OOB mechanism could be something other than
bearer.  Lacking an OOB agreement, I agree that bearer would probably be
the default.

> I still wouldn't mind adding a small subphrase about the claims:
> "the relying party can treat the entity presenting the assertion as an
> entity that the SAML authority has associated with the entity
> in
> the name identifier and associated with the claims in the assertion
> may or may not be the same entity)."
[RSP] four uses of the word "entity" makes this a bit confusing,
especially since the referenced entities are not always referring to the
same entity.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]