Subject: Use of Audience as delegation flag
An internal comment from Oracle about the use of an <Audience> element to "flag" an assertion that might be delegated.

In sstc-saml-constrained-delegation-draft-00 an audience element with value:

    urn:oasis:names:tc:SAML:2.0:profiles:delegation

is used to signal delegation.

Now, core-02 describes <audience> in the following way:

    <Audience>
    A URI reference that identifies an intended audience. The URI reference MAY identify a document that describes the terms and conditions of audience membership. It MAY also contain the unique identifier URI from a SAML name identifier that describes a system entity (see Section 8.3.6).

The question is whether this is an appropriate use of <Audience>. The introduction of a new element, as is the case for <OneTimeUse> and <ProxyRestriction>, might be more appropriate.
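The following is an added example, not part of the original message or of either draft. It shows how a relying party's ordinary audience check treats the delegation URN, using the evaluation rule from the published SAML 2.0 core text (audiences within one <AudienceRestriction> are ORed, separate restrictions are ANDed). The entity ID, the helper names and the placement of the URN in its own restriction are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"
SAML = "{" + NS + "}"
DELEGATION = "urn:oasis:names:tc:SAML:2.0:profiles:delegation"  # value from the message
SP = "https://sp.example.org/entity"  # hypothetical relying-party entity ID


def build_assertion(restrictions):
    """Build a constructed, unsigned sample assertion from lists of audience URIs."""
    body = "".join(
        "<saml:AudienceRestriction>"
        + "".join(f"<saml:Audience>{uri}</saml:Audience>" for uri in uris)
        + "</saml:AudienceRestriction>"
        for uris in restrictions
    )
    return (f'<saml:Assertion xmlns:saml="{NS}"><saml:Conditions>{body}'
            "</saml:Conditions></saml:Assertion>")


def audience_restrictions(assertion_xml):
    """Return one set of audience URIs per <AudienceRestriction>."""
    root = ET.fromstring(assertion_xml)
    return [
        {(a.text or "").strip() for a in r.findall(SAML + "Audience")}
        for r in root.iter(SAML + "AudienceRestriction")
    ]


def audience_valid(assertion_xml, my_audiences):
    """OR within a restriction, AND across restrictions."""
    mine = set(my_audiences)
    return all(mine & allowed for allowed in audience_restrictions(assertion_xml))


def is_flagged_delegable(assertion_xml):
    """True if any restriction carries the delegation URN."""
    return any(DELEGATION in s for s in audience_restrictions(assertion_xml))


if __name__ == "__main__":
    separate = build_assertion([[SP], [DELEGATION]])  # flag in its own restriction
    shared = build_assertion([[SP, DELEGATION]])      # flag beside the SP audience
    for label, xml in (("separate", separate), ("shared", shared)):
        print(label,
              "flagged:", is_flagged_delegable(xml),
              "unaware RP accepts:", audience_valid(xml, [SP]),
              "aware RP accepts:", audience_valid(xml, [SP, DELEGATION]))
```

With the flag in its own restriction, a relying party that does not count itself a member of the delegation "audience" fails the check; with the flag beside its entity ID, the URN has no effect on that party's decision.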