Subject: issues with sstc-saml2-holder-of-key-draft-02
For the purposes of discussion, this is a brief summary of the open issues regarding the "SAML V2.0 Holder-of-Key Assertion Profile":

http://wiki.oasis-open.org/security/SAMLHoKSubjectConfirmation

1. Should the non-normative Background section (2.2) be eliminated (or significantly pared down)?

2. The following two normative requirements are specified:

   i) The presenter MUST present an X.509 public key certificate
   ii) The presenter MUST prove possession of the corresponding private key

   Should these requirements be removed from the profile?

3. Is there a need for a ProofInstant attribute (analogous to AuthnInstant)?

4. How should a relying party process ds:X509Certificate, by comparing certificates (byte for byte) or comparing keys?

5. What are the conformance requirements? (Currently, ds:X509Certificate and ds:X509SKI are specified as required to implement.)

Tom Scavo
NCSA