[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Proposed clean up on subject text
> Scott, the sequencing of 'the name identifier and associated with the > claims in the assertion' > > could be interpreted as > > "the relying party can treat the entity presenting the assertion as an > entity that the SAML authority has associated with the entity > identified in the name identifier and **also** associated with the claims > in the assertion. The confirming entity and the actual subject may > or may not be the same entity. That is my intention, because the relationship is transtive: Confirming entity "treated as" entity having NameID "associated with" claims Thus: Confirming entity "treated as" "associated with" claims And I should say, I did agree with Rob/Ron that the "can" should be a MAY. So that's another small change I'd make. Anyway, I didn't see the distinction that Conor was making, I guess. Yes, the statements are always about the subject. But the point is to say that SC allows the confirming entity to be treated as the subject. Thus, you're associating the claims (and the NameID if any) with the confirming entity. Note that "associate claims with" does not mean "the claims are about". -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]