security-services message

Subject: Re: [security-services] Groups - sstc-saml-holder-of-key-browser-sso-draft-09

From: Nate Klingenstein <ndk@internet2.edu>
To: "Tom Scavo" <trscavo@gmail.com>
Date: Wed, 12 Nov 2008 02:48:52 +0000

Tom,

Yeah, I agree. I've uploaded a new edition of -09 that reflects this (and captures Scott's response to you, which as editor I missed), to avoid going through another revision cycle just for that.

http://www.oasis-open.org/apps/org/workgroup/security/download.php/30012/sstc-saml-holder-of-key-browser-sso-draft-09.pdf

http://www.oasis-open.org/apps/org/workgroup/security/download.php/30013/sstc-saml-holder-of-key-browser-sso-draft-09.odt

Thanks for putting in a little overtime,

Nate.

On 12 Nov 2008, at 01:46, Tom Scavo wrote:

I don't think there's any doubt about that. If a <saml:Subject> is

included in the request, "strongly matches" pretty much guarantees

every assertion is HoK. If there is no <saml:Subject> in the request,

we've chosen to interpret that as HoK subject confirmation using

<ds:X509Certificate>, so "strongly matches" still applies

(implicitly).

References:
- Groups - sstc-saml-holder-of-key-browser-sso-draft-08.pdf (sstc-saml-holder-of-key-browser-sso-draft-09.pdf) uploaded
  - From: ndk@internet2.edu
- Re: [security-services] Groups - sstc-saml-holder-of-key-browser-sso-draft-08.pdf (sstc-saml-holder-of-key-browser-sso-draft-09.pdf) uploaded
  - From: Nate Klingenstein <ndk@internet2.edu>
- Re: [security-services] Groups - sstc-saml-holder-of-key-browser-sso-draft-08.pdf (sstc-saml-holder-of-key-browser-sso-draft-09.pdf) uploaded
  - From: "Tom Scavo" <trscavo@gmail.com>