OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] comments re sstc-saml-holder-of-key-browser-sso-draft-10

On Tue, Jan 6, 2009 at 1:03 PM, Scott Cantor <cantor.2@osu.edu> wrote:
>> If the choice is arbitrary, then I see no point of allowing multiple
>> elements to begin with.  Unless there is a possible use case, no
>> matter how far fetched, I suggest we restrict ourselves to one and
>> only one AuthnStatement.
> I think the primary issue is that if you include multiple assertions that
> relate to other profiles, some of them are likely to have authentication
> statements (in most cases identical ones). I don't think you can have a rule
> that says only one statement can appear across all of them.

Okay then, I'll leave multiple AuthnStatements in the spec but leave
the processing of multiple AuthnStatements unspecified.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]