[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Proposed clean up on subject text
+1 Rob Philpott Senior Consulting Engineer RSA Security Inc. Tel: 781-515-7115 Mobile: 617-510-0893 Fax: 781-515-7020 mailto:rphilpott@rsasecurity.com > -----Original Message----- > From: Scott Cantor [mailto:cantor.2@osu.edu] > Sent: Friday, November 12, 2004 1:36 PM > To: 'Steve Anderson' > Cc: 'SAML' > Subject: RE: [security-services] Proposed clean up on subject text > > > What about the case of, say, an Attribute query over SOAP? An Attribute > > Authority will respond with an assertion saying that "the entity with > > identifier X has the following associated attributes". > > > > I don't imagine that subject confirmation would be included, because the > > referenced entity isn't part of the exchange. So, the default > > interpretation of that assertion should definitely not be "bearer". > > Right, that's my use case today. > > > I'd like to see text in core, section 2.4.1 "Element <Subject>", state > > that the absence of any SubjectConfirmation elements MUST be interpreted > > as having no correlation to any presenter of the assertion. Leaving it > > up in the air seems very dangerous to me. > > I'm happy saying it's just "unspecified", as Ron said...the authority is > making no statement about subject confirmation whatsoever. > > -- Scott > > > To unsubscribe from this mailing list (and be removed from the roster of > the OASIS TC), go to http://www.oasis- > open.org/apps/org/workgroup/security-services/members/leave_workgroup.ph p.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]