[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] suggested HoK URIs and namespace prefixes
> SAML V2.0 Self-AuthnRequest SSO Profile > xmlns:ssos="urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:self" > > SAML V2.0 Attribute Self-Query Profile > xmlns:selfqry="urn:oasis:names:tc:SAML:2.0:profiles:holder-of- > key:query:attribute:self" This has nothing much to do with the URIs per se, but I'm not clear on why we would every want to write profiles that constrain the relationship between the requester and the subject. That seems like policy to me. The relevant distinctions tend to be more about the difference (if any) between the relying party and the requester. As an example, there's no good reason why a profile has to address whether one user can request a token to act as another. That's policy. The messages would be the same (structurally) in either case. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]