
security-services message


Subject: Use of Audience as delegation flag

An internal comment from Oracle about the use of an <Audience> element to "flag" an assertion that might be delegated.

In sstc-saml-constrained-delegation-draft-00 an audience element with value:


is used to signal delegation.

Now, core-02 describes <Audience> in the following way:


A URI reference that identifies an intended audience. The URI reference MAY identify a document that describes the terms and conditions of audience membership. It MAY also contain the unique identifier URI from a SAML name identifier that describes a system entity (see Section 8.3.6).

The question is whether this is an appropriate use of <Audience>. The introduction of a new element, as is the case for <OneTimeUse> and <ProxyRestriction>, might be more

