OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: AuthnRequest Subject vs. NameIDPolicy usage

Title: Message
All, I'm trying to understand Profiles section (<AuthnRequest> Usage). Specifically the fact that Subject is allowed and how this related to NameIDPolicy.  I assume the reason Subject is allowed is to because the requesting service provider may know the subject's identity and wants the identity provider to match this against the user being authenticated. It would seem that this should imply that NameIDPolicy's Format and SPNameQualifier attributes MUST be omitted in this case. The AllowCreate attribute could be used as it currently is. Is that the intent? If not and both are used such that the Format and/or SPNameQualifier attributes are defined in both (and of course possibily different), what would be the processing rules?
I'm proposing that these two attributes in NameIDPolicy not be used when using Subject.

Thomas Wisniewski
Software Architect
Phone: (201) 891-0524
Cell: (201) 248-3668
Securing Digital Identities
& Information


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]