
security-services message



Subject: Re: [security-services] Groups - sstc-saml-holder-of-key-browser-sso-draft-08.pdf (sstc-saml-holder-of-key-browser-sso-draft-09.pdf) uploaded


On Tue, Nov 11, 2008 at 8:27 PM, Nate Klingenstein <ndk@internet2.edu> wrote:
> Also note that some of the requirements in 2.5.3 might be merged.  For
> example, rather than the split text on 425-427 and 431-435, we might just
> require that every assertion returned in the response be holder-of-key.

I don't think there's any doubt about that.  If a <saml:Subject> is
included in the request, "strongly matches" pretty much guarantees
every assertion is HoK.  If there is no <saml:Subject> in the request,
we've chosen to interpret that as HoK subject confirmation using
<ds:X509Certificate>, so "strongly matches" still applies
(implicitly).

Tom

