Subject: Re: [security-services] Groups - sstc-saml-holder-of-key-browser-sso-draft-06.pdf (sstc-saml-holder-of-key-browser-sso-draft-06.pdf) uploaded
And, my initial comments that don't seem to have been captured in the email itself:

This is a simplification revision. I've removed two angles of flexibility from the previous draft:

(1) All text about embedding keying information in AuthnRequests is gone. It introduces confusion and really didn't accomplish much that couldn't be done with a signed request with a Subject.

(2) After struggling mightily with it for hours, I couldn't come up with a particularly sane method or reason to support a wide variety of keying information. The signature of the assertion alone is enough to bump against size limits, and using the same certificate at both places is generally good for users, so I don't think this is worth the cost in complexity and confusion.

A couple other minor changes have been made as well.

Talk to you in 10 hours,
Nate.