[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Proposed clean up on subject text
Philpott, Robert wrote on 11/12/2004, 12:35 PM: > [RSP] I agree with Scott. Parties could potentially agree on > out-of-band mechanisms of confirmation that aren't conveyed in the > assertion subject. The OOB mechanism could be something other than > bearer. Lacking an OOB agreement, I agree that bearer would probably be > the default. So, from the assertion's point of view, it's a bearer token unless there is some OOB agreement as to how it can be presented (such as a case where the token must be presented on a client-auth SSL connection). In other words, the assertion makes no requirements on what one has to do to confirm the subject. Other things may come into play, but that's OOB and OOScope. Conor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]