OASIS Mailing List Archives

security-services message


Subject: issues with sstc-saml2-holder-of-key-draft-02


For the purposes of discussion, this is a brief summary of the open
issues regarding the "SAML V2.0 Holder-of-Key Assertion Profile":

http://wiki.oasis-open.org/security/SAMLHoKSubjectConfirmation

1. Should the non-normative Background section (2.2) be eliminated (or
significantly pared down)?

2. The following two normative requirements are specified:

i) The presenter MUST present an X.509 public key certificate
ii) The presenter MUST prove possession of the corresponding private key

Should these requirements be removed from the profile?

3. Is there a need for a ProofInstant attribute (analogous to AuthnInstant)?

4. How should a relying party process ds:X509Certificate, by comparing
certificates (byte for byte) or comparing keys?

5. What are the conformance requirements?  (Currently,
ds:X509Certificate and ds:X509SKI are specified as required to
implement.)

Tom Scavo
NCSA
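
The two comparison options in issue 4, side by side, as an added example that is not part of the original message or of the profile text. All function names and the certificate-shaped samples are constructed for illustration; the samples are unsigned, and the parser assumes single-byte tags and performs no signature or path validation.

```python
import base64

def tlv(tag, content):
    """Encode one DER element; used only to build the constructed samples."""
    n = len(content)
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def elements(der):
    """Yield (tag, whole_element, content) for each DER element in der."""
    i = 0
    while i < len(der):
        tag, n, j = der[i], der[i + 1], i + 2
        if n & 0x80:                      # long-form length
            k = n & 0x7F
            n, j = int.from_bytes(der[j:j + k], "big"), j + k
        if j + n > len(der):
            raise ValueError("truncated DER")
        yield tag, der[i:j + n], der[j:j + n]
        i = j + n

def spki_of(x509_b64):
    """SubjectPublicKeyInfo bytes from the base64 text of a ds:X509Certificate."""
    cert = next(elements(base64.b64decode(x509_b64)))[2]
    tbs = next(elements(cert))[2]
    # Skip the optional [0] version; SPKI is then the 6th tbsCertificate field.
    fields = [whole for tag, whole, _ in elements(tbs) if tag != 0xA0]
    return fields[5]

def match_by_certificate(presented_b64, asserted_b64):
    return base64.b64decode(presented_b64) == base64.b64decode(asserted_b64)

def match_by_key(presented_b64, asserted_b64):
    return spki_of(presented_b64) == spki_of(asserted_b64)

# Constructed, unsigned, certificate-shaped samples (not real certificates).
ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05, b""))

def sample_cert(serial, key):
    spki = tlv(0x30, ALG + tlv(0x03, b"\x00" + key))
    validity = tlv(0x30, tlv(0x17, b"250101000000Z") * 2)
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial]))
              + ALG + tlv(0x30, b"") + validity + tlv(0x30, b"") + spki)
    return base64.b64encode(tlv(0x30, tbs + ALG + tlv(0x03, b"\x00"))).decode()

KEY = bytes(range(1, 141))
ASSERTED = sample_cert(1, KEY)        # certificate named in the assertion
REISSUED = sample_cert(2, KEY)        # same key, new serial number
OTHER = sample_cert(1, KEY[::-1])     # different key
```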

