Subject: RE: [security-services] what's an "assertion profile"?
> Using this terminology, perhaps a more appropriate title is a "SAML2 > Holder-of-Key Assertion Profile". In fact, the profile already > includes a definition of "holder-of-key assertion" so "holder-of-key > assertion profile" seems to make sense. > > Comments? I think that's pretty much what we were thinking, yes. A Subject Confirmation profile is probably just a special case of that, and given that the term is somewhat obscure... You're just taking a particular set of assertion content and profiling it down to be more constrained than the original specification requires. As I said in some of the email conversations we had, I would actually encourage that the document have nothing in it about requests or responses, as I think that's completely orthogonal. -- Scott