OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Proposed clean up on subject text

Philpott, Robert wrote on 11/12/2004, 12:35 PM:

 > [RSP] I agree with Scott.  Parties could potentially agree on
 > out-of-band mechanisms of confirmation that aren't conveyed in the
 > assertion subject.  The OOB mechanism could be something other than
 > bearer.  Lacking an OOB agreement, I agree that bearer would probably be
 > the default.

So, from the assertion's point of view, it's a bearer token unless there
is some OOB agreement as to how it can be presented (such as a case
where the token must be presented on a client-auth SSL connection).

In other words, the assertion makes no requirements on what one has
to do to confirm the subject.  Other things may come into play, but
that's OOB and OOScope.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]