Subject: Re: [security-services] Groups - sstc-saml-holder-of-key-browser-sso-draft-08.pdf (sstc-saml-holder-of-key-browser-sso-draft-09.pdf) uploaded
On Tue, Nov 11, 2008 at 8:27 PM, Nate Klingenstein <ndk@internet2.edu> wrote:
> Also note that some of the requirements in 2.5.3 might be merged. For
> example, rather than the split text on 425-427 and 431-435, we might just
> require that every assertion returned in the response be holder-of-key.

I don't think there's any doubt about that. If a <saml:Subject> is included in the request, "strongly matches" pretty much guarantees every assertion is HoK. If there is no <saml:Subject> in the request, we've chosen to interpret that as HoK subject confirmation using <ds:X509Certificate>, so "strongly matches" still applies (implicitly).

Tom
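
Added example (not part of the thread or of the draft): a relying-party check that every assertion in a response is holder-of-key and bound to the certificate the presenter proved possession of. The function name, the strict rule that any non-HoK confirmation method fails the assertion, and the sample data are assumptions; signature validation and encrypted assertions are out of scope here.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"
CERT_PATH = "saml:SubjectConfirmationData/ds:KeyInfo/ds:X509Data/ds:X509Certificate"

def non_hok_assertions(response_xml, presented_cert_der):
    """Return the IDs of assertions that are not holder-of-key confirmed
    against the certificate the presenter proved possession of."""
    root = ET.fromstring(response_xml)
    rejected = []
    for assertion in root.findall("saml:Assertion", NS):
        confs = assertion.findall("saml:Subject/saml:SubjectConfirmation", NS)
        # Assumption: strict reading, any non-HoK confirmation method fails.
        all_hok = bool(confs) and all(c.get("Method") == HOK for c in confs)
        # Compare decoded bytes so base64 line wrapping does not matter.
        bound = any(
            base64.b64decode(el.text or "") == presented_cert_der
            for c in confs for el in c.findall(CERT_PATH, NS))
        if not (all_hok and bound):
            rejected.append(assertion.get("ID"))
    return rejected

# Constructed sample data: placeholder bytes, not a real X.509 certificate.
SAMPLE_CERT_DER = b"constructed-cert-bytes"
_B64 = base64.b64encode(SAMPLE_CERT_DER).decode()

def _assertion(aid, method, key_info=""):
    return (f'<saml:Assertion ID="{aid}"><saml:Subject>'
            f'<saml:SubjectConfirmation Method="{method}">'
            f'<saml:SubjectConfirmationData>{key_info}</saml:SubjectConfirmationData>'
            f'</saml:SubjectConfirmation></saml:Subject></saml:Assertion>')

_KEYINFO = (f"<ds:KeyInfo><ds:X509Data><ds:X509Certificate>{_B64}"
            "</ds:X509Certificate></ds:X509Data></ds:KeyInfo>")
SAMPLE_RESPONSE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
    + _assertion("_a1", HOK, _KEYINFO)
    + _assertion("_a2", "urn:oasis:names:tc:SAML:2.0:cm:bearer")
    + "</samlp:Response>")

if __name__ == "__main__":
    print(non_hok_assertions(SAMPLE_RESPONSE, SAMPLE_CERT_DER))
```

A non-empty result means the response as a whole should be refused, since one bearer assertion alongside HoK ones defeats the key binding.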