[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Potential Errata: Holder of Key is still broken?
I recall an extensive discussion around the removal of the phrase "held by the subject" in reference to holder of key. The idea was that HoK described a key that required proof of possession by a attesting entity vs. being held by the subject, Appropriate text does appear in lines 781-783 of saml2-core. However, lines 335-337 of saml2-profiles reads [quote] As described in [XMLSig], each <ds:KeyInfo> element holds a key or information that enables an application to obtain a key. The holder of a specified key is considered to be the subject of the assertion by the asserting party. [quote] Proposal: replace the last sentence by "The holder of a specified key is considered to be an acceptable attesting entity for the assertion by the relying party"
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]