security-services message

Subject: Re: [security-services] comments re sstc-saml-holder-of-key-browser-sso-draft-10

From: "Tom Scavo" <tscavo@ncsa.uiuc.edu>
To: "Scott Cantor" <cantor.2@osu.edu>
Date: Tue, 6 Jan 2009 14:38:47 -0500

On Tue, Jan 6, 2009 at 1:03 PM, Scott Cantor <cantor.2@osu.edu> wrote:
>
>> If the choice is arbitrary, then I see no point of allowing multiple
>> elements to begin with.  Unless there is a possible use case, no
>> matter how far fetched, I suggest we restrict ourselves to one and
>> only one AuthnStatement.
>
> I think the primary issue is that if you include multiple assertions that
> relate to other profiles, some of them are likely to have authentication
> statements (in most cases identical ones). I don't think you can have a rule
> that says only one statement can appear across all of them.

Okay then, I'll leave multiple AuthnStatements in the spec but leave
the processing of multiple AuthnStatements unspecified.

Thanks,
Tom

Follow-Ups:
- Re: [security-services] comments re sstc-saml-holder-of-key-browser-sso-draft-10
  - From: "Tom Scavo" <tscavo@ncsa.uiuc.edu>

References:
- comments re sstc-saml-holder-of-key-browser-sso-draft-10
  - From: "Tom Scavo" <trscavo@gmail.com>
- Re: [security-services] comments re sstc-saml-holder-of-key-browser-sso-draft-10
  - From: "Tom Scavo" <tscavo@ncsa.uiuc.edu>
- Re: [security-services] comments re sstc-saml-holder-of-key-browser-sso-draft-10
  - From: "Tom Scavo" <tscavo@ncsa.uiuc.edu>