Subject: Re: HoK Assertion Request Profiles (draft-01)
To follow up with more introductory information, this first draft of the HoK Assertion Request Profiles is intentionally conservative:

- SSL/TLS is required.
- Only one HoK assertion and one AuthnStatement are allowed (but one or more AttributeStatements are permitted).
- If the X.509 certificate is untrusted, a "meaningless certificate" [AIXCM] is required.
- Every request satisfies the logical equivalent of IsPassive="true" and ForceAuthn="true".

Also, there are a number of open issues (right off the bat):

- I'm not sure if the HoK Self-Request Profile (section 2) is a protocol or a profile.
- The Issuer (which is a DN) signals the use of this profile. Is there an easier way to signal this profile?

I look forward to your comments.

Tom

On Sun, Dec 7, 2008 at 7:54 PM, Tom Scavo <trscavo@gmail.com> wrote:
> Draft-01 of the SAML V2.0 Holder-of-Key Assertion Request Profiles has
> been uploaded to kavi:
>
> http://wiki.oasis-open.org/security/SAMLHoKAssertionRequest
>
> This initial draft document describes how a subject self-issues a SAML
> request and obtains a holder-of-key SAML assertion using an
> AuthnRequest or an AttributeQuery.
>
> Tom Scavo
> NCSA