[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: SAML2 Holder-of-Key Subject Confirmation Profile
An initial draft of a SAML2 Holder-of-Key Subject Confirmation Profile has been uploaded to kavi: http://wiki.oasis-open.org/security/SAMLHoKSubjectConfirmation From the abstract: This profile describes the issuing and processing of a holder-of-key <saml:SubjectConfirmation> element. Specifically, we show how an identity provider binds X.509 data to a <ds:KeyInfo> element and how a service provider confirms that a <ds:KeyInfo> element matches given X.509 data. The binding material used by the identity provider and the matching data used by the service provider is obtained from a standard X.509 certificate. I bothered to write this profile because AFAIK there is little written about HoK subject confirmation, and we seem to need it, both for the "Holder-of-Key Web Browser SSO Profile" currently under consideration by the SSTC and for a series of related holder-of-key profiles I've committed to write over the next couple of months. Anyway, I'd be happy to hear your comments regarding any aspect of this profile. Thanks in advance, Tom Scavo NCSA
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]