Subject: Strawman: Kerberos Subject Confirmation Method
This is a straw-man for the 'Kerberos Subject Confirmation Method' that has been the subject of recent discussion. It is intended to allow a SAML Requester to confirm an attesting party using the Kerberos protocol.

Comments welcome,
josh.

---

URI: urn:oasis:names:tc:SAML:2.0:cm:kerberos

A <NameID> element MUST be present within the <SubjectConfirmation> element. This element MUST identify an entity using the Kerberos Principal Name name identifier type [SAML2Core]. The named Kerberos principal is considered to be the subject of the assertion by the asserting party, subject to optional constraints on confirmation using the attributes that MAY be present in the <SubjectConfirmationData> element, as defined by [SAMLCore].

Example: The Kerberos principal named "joe@EXAMPLE.ORG" can confirm itself as the subject.

    <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:kerberos">
      <NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos">
        joe@EXAMPLE.ORG
      </NameID>
    </SubjectConfirmation>
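Added example, not part of the original message or of any SAML specification text: one way a relying party could apply the rules proposed above. The function name, the sample document and the idea of passing in an already-authenticated principal are assumptions; the Kerberos exchange and XML signature verification are assumed to happen elsewhere.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CM_KERBEROS = "urn:oasis:names:tc:SAML:2.0:cm:kerberos"
FMT_KERBEROS = "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos"

# Constructed sample, not taken from the post.
SAMPLE = """<saml:SubjectConfirmation
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Method="urn:oasis:names:tc:SAML:2.0:cm:kerberos">
  <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos">
    joe@EXAMPLE.ORG
  </saml:NameID>
  <saml:SubjectConfirmationData NotOnOrAfter="2030-01-01T00:00:00Z"/>
</saml:SubjectConfirmation>"""


def confirm_kerberos_subject(xml_text, authenticated_principal, now=None):
    """Return (ok, reason). authenticated_principal is the name the relying
    party obtained from its own Kerberos exchange (assumed done elsewhere)."""
    now = now or datetime.now(timezone.utc)
    sc = ET.fromstring(xml_text)  # assumed to be signature-verified input
    if sc.tag != "{%s}SubjectConfirmation" % NS["saml"]:
        return False, "not a SubjectConfirmation"
    if sc.get("Method") != CM_KERBEROS:
        return False, "wrong method"
    name_id = sc.find("saml:NameID", NS)
    if name_id is None:  # the proposal says NameID MUST be present
        return False, "NameID missing"
    if name_id.get("Format") != FMT_KERBEROS:
        return False, "NameID is not a Kerberos principal name"
    principal = (name_id.text or "").strip()
    name, sep, realm = principal.rpartition("@")
    if not (name and sep and realm):
        return False, "malformed principal"
    # Kerberos names are case-sensitive: compare exactly, no case folding.
    if principal != authenticated_principal:
        return False, "principal mismatch"
    # Optional constraint from SubjectConfirmationData, if present.
    data = sc.find("saml:SubjectConfirmationData", NS)
    if data is not None and data.get("NotOnOrAfter"):
        limit = datetime.strptime(data.get("NotOnOrAfter"), "%Y-%m-%dT%H:%M:%SZ")
        if now >= limit.replace(tzinfo=timezone.utc):
            return False, "confirmation expired"
    return True, "confirmed"
```

Only NotOnOrAfter is checked here; a deployment would also enforce whichever other SubjectConfirmationData attributes the asserting party sets.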