
security-services message



Subject: RE: [security-services] suggested HoK URIs and namespace prefixes


> SAML V2.0 Self-AuthnRequest SSO Profile
> xmlns:ssos="urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:self"
> 
> SAML V2.0 Attribute Self-Query Profile
> xmlns:selfqry="urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:query:attribute:self"

This has nothing much to do with the URIs per se, but I'm not clear on why
we would ever want to write profiles that constrain the relationship
between the requester and the subject. That seems like policy to me.

The relevant distinctions tend to be more about the difference (if any)
between the relying party and the requester.

As an example, there's no good reason why a profile has to address whether
one user can request a token to act as another. That's policy. The messages
would be the same (structurally) in either case.

-- Scott



