[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Correction to my diatribe about assertion Subjects on last call
I think returning an assertion with both <SubjectConfirmation> methods is the best choice when the request issuer explicitly asks for bearer confirmation and the IdP is comfortable issuing such an assertion. There's enough explicit explanatory text in the profile that I think implementors and deployers would be aware of the consequences. |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]