OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: SAML2 Holder-of-Key Subject Confirmation Profile

An initial draft of a SAML2 Holder-of-Key Subject Confirmation Profile
has been uploaded to kavi:


From the abstract:

This profile describes the issuing and processing of a holder-of-key
<saml:SubjectConfirmation> element. Specifically, we show how an
identity provider binds X.509 data to a <ds:KeyInfo> element and how a
service provider confirms that a <ds:KeyInfo> element matches given
X.509 data. The binding material used by the identity provider and the
matching data used by the service provider is obtained from a standard
X.509 certificate.

I bothered to write this profile because AFAIK there is little written
about HoK subject confirmation, and we seem to need it, both for the
"Holder-of-Key Web Browser SSO Profile" currently under consideration
by the SSTC and for a series of related holder-of-key profiles I've
committed to write over the next couple of months.

Anyway, I'd be happy to hear your comments regarding any aspect of this profile.

Thanks in advance,

Tom Scavo

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]