Subject: Question re: SubjectConfirmation in Delegated Tokens (sstc-saml-delegation)
A colleague asked me this question and I wasn't sure of the answer. Thoughts? Thanks!

Subject: SubjectConfirmation in Delegated Tokens
--------------------

Section 2.5 of sstc-saml-delegation.pdf (http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-delegation.pdf) states:

"For consistency with the existing SAML-defined syntax, it is RECOMMENDED that the identifier of the most recent delegate (within the last element in the condition, per section 2.4) be duplicated within the relevant <saml:SubjectConfirmation> elements in the containing assertion."

Does this mean that the <saml:SubjectConfirmation> of the most recent delegate should replace any elements existing in the delegatable token or that they should be added to?

So is the intent that a delegated token should contain a single <saml:SubjectConfirmation> element for the most recent delegate or that it should contain a <saml:SubjectConfirmation> element for each delegate and one for the original subject?