Subject: RE: [security-services] Question on X509 Authn-based Attr Sharing Profile
> All, is there a place on the Saml site that describes the
> usage/validation of the subject using holder-of-key
> identifier (more detail than the SAML 2 Profile spec)?

No, I asked this earlier. It applies to WSS as well, not anything particular to SAML. What does "use a ds:KeyInfo to verify..." mean in technical terms? If trust is out of scope (and it has been), then it means anything. So interoperability is impossible except in a few cases.

To follow up Rick's last note, I don't think saying "out of band" is enough unless the plan is to allow any use of the element, as now. If you want anything more specific, the profile has to say that. For example, OOB doesn't imply KeyName to me. You could pass the cert, but still have the binding of cert to entity occur OOB. Metadata is one likely way, but that's OOB with respect to the SAML assertion.

-- Scott
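An added example, not part of the original message or of any SAML specification: one possible reading of holder-of-key validation that keeps separate the two questions raised above, the in-band match of the presented certificate against ds:KeyInfo and the out-of-band binding of that certificate to an entity via metadata. The function names, result strings, metadata dictionary and sample bytes are assumptions; assertion signature verification and proof of private-key possession (for example TLS client authentication) are assumed to happen elsewhere.

```python
import base64, hashlib
import xml.etree.ElementTree as ET  # use a hardened parser for untrusted XML

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"

def fp(cert_bytes):
    """SHA-256 fingerprint of the certificate bytes."""
    return hashlib.sha256(cert_bytes).hexdigest()

def hok_certs(assertion_xml):
    """Certificates carried in ds:KeyInfo of holder-of-key confirmations."""
    certs = []
    for sc in ET.fromstring(assertion_xml).iterfind(".//saml:SubjectConfirmation", NS):
        if sc.get("Method") != HOK:
            continue  # bearer / sender-vouches confirmations carry no key claim
        path = ".//ds:KeyInfo/ds:X509Data/ds:X509Certificate"
        for node in sc.iterfind(path, NS):
            certs.append(base64.b64decode("".join((node.text or "").split())))
    return certs

def check(assertion_xml, presented_cert, claimed_entity, metadata):
    """Hypothetical policy: the in-band match alone is not enough."""
    certs = hok_certs(assertion_xml)
    if not certs:
        return "no-holder-of-key"
    # Step 1 (in-band): the presenter's cert is the one named in KeyInfo.
    if fp(presented_cert) not in {fp(c) for c in certs}:
        return "key-mismatch"
    # Step 2 (out-of-band): metadata must bind that cert to the entity.
    if fp(presented_cert) not in metadata.get(claimed_entity, set()):
        return "unbound"
    return "ok"

# Constructed sample data: opaque placeholder bytes stand in for DER certs.
CERT_A, CERT_B = b"constructed-cert-bytes-A", b"constructed-cert-bytes-B"
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}">
 <saml:Subject><saml:SubjectConfirmation Method="{HOK}">
  <saml:SubjectConfirmationData><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>{base64.b64encode(CERT_A).decode()}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></saml:SubjectConfirmationData>
 </saml:SubjectConfirmation></saml:Subject>
</saml:Assertion>"""
METADATA = {"https://sp.example.org": {fp(CERT_A)}}  # constructed OOB binding
```

The "unbound" result is the case the message describes: the certificate travels in the assertion and matches, yet nothing in the assertion itself says which entity it belongs to.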