security-services message

Subject: Potential Errata: Holder of Key is still broken?

From: Prateek Mishra <prateek.mishra@oracle.com>
To: security-services@lists.oasis-open.org
Date: Tue, 17 Jan 2006 00:34:01 -0500

I recall an extensive discussion around the removal of the phrase "held 
by the subject" in reference to holder of key.
The idea was that HoK described a key that required proof of possession 
by a attesting entity vs. being held by the subject,

Appropriate text does appear in  lines 781-783 of saml2-core. However, 
lines 335-337 of saml2-profiles reads
[quote]
 As described in [XMLSig], each <ds:KeyInfo> element holds a key or 
information that enables an
application to obtain a key. The holder of a specified key is considered 
to be the subject of the assertion
by the asserting party.
[quote]

Proposal: replace the last sentence by 

"The holder of a specified key is considered to be an acceptable 
attesting entity for the assertion by the relying party"

References:
- RE: [security-services] Groups - sstc-saml-constrained-delegation-profile-draft-00.pdf uploaded
  - From: Thomas Wisniewski <Thomas.Wisniewski@entrust.com>
- Re: [security-services] Groups - sstc-saml-constrained-delegation-profile-draft-00.pdf uploaded
  - From: Prateek Mishra <prateek.mishra@oracle.com>