security-services message



Subject: Question re: SubjectConfirmation in Delegated Tokens (sstc-saml-delegation)


A colleague asked me this question and I wasn't sure of the answer.
Thoughts?

Thanks!

Subject: SubjectConfirmation in Delegated Tokens

--------------------

Section 2.5 of sstc-saml-delegation.pdf
(http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-delegation.pdf) states:

 "For consistency with the existing SAML-defined syntax, it is 
 RECOMMENDED that the identifier of the most recent delegate 
 (within the last element in the condition, per section 2.4) 
 be duplicated within the relevant <saml:SubjectConfirmation> 
 elements in the containing assertion."

Does this mean that the <saml:SubjectConfirmation> of the most recent
delegate should replace any elements existing in the delegatable token
or that they should be added to?

So is the intent that a delegated token should contain a single
<saml:SubjectConfirmation> element for the most recent delegate or that
it should contain a <saml:SubjectConfirmation> element for each delegate
and one for the original subject?
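
A check for the section 2.5 recommendation quoted above, added here as an example (it is not part of the original message or of the specification): it reads the last <del:Delegate> in the delegation condition and reports whether that identifier also appears in some <saml:SubjectConfirmation>, so it passes under either reading the question asks about. The entity IDs and helper names are constructed; it assumes the assertion's signature has already been validated and that delegates carry a plain <saml:NameID>.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "del": "urn:oasis:names:tc:SAML:2.0:conditions:delegation"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed assertion: user -> portal -> backend (backend is the latest delegate).
TEMPLATE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:del="urn:oasis:names:tc:SAML:2.0:conditions:delegation"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <saml:Subject>
    <saml:NameID>user@example.org</saml:NameID>
    {confirmations}
  </saml:Subject>
  <saml:Conditions>
    <saml:Condition xsi:type="del:DelegationRestrictionType">
      <del:Delegate><saml:NameID>https://portal.example.org</saml:NameID></del:Delegate>
      <del:Delegate><saml:NameID>https://backend.example.org</saml:NameID></del:Delegate>
    </saml:Condition>
  </saml:Conditions>
</saml:Assertion>"""

def sample(*confirmed):
    """Build the constructed assertion with one SubjectConfirmation per id."""
    sc = "".join(
        f'<saml:SubjectConfirmation Method="{BEARER}">'
        f"<saml:NameID>{c}</saml:NameID></saml:SubjectConfirmation>"
        for c in confirmed)
    return TEMPLATE.format(confirmations=sc)

def check_latest_delegate(xml_text):
    """Return (latest_delegate, confirmation_ids, recommendation_met)."""
    root = ET.fromstring(xml_text)
    # Per the quoted text, the most recent delegate is the last element.
    delegates = root.findall("saml:Conditions/saml:Condition/del:Delegate", NS)
    if not delegates:
        raise ValueError("no delegation condition in assertion")
    latest = delegates[-1].findtext("saml:NameID", "", NS).strip()
    if not latest:
        raise ValueError("latest delegate has no plain NameID")
    confirmed = [n.text.strip() for n in root.findall(
        "saml:Subject/saml:SubjectConfirmation/saml:NameID", NS) if n.text]
    # Assumption: identifiers compare as plain strings (Format ignored).
    return latest, confirmed, latest in confirmed

if __name__ == "__main__":
    for ids in (["https://backend.example.org"], ["https://portal.example.org"]):
        print(ids, "->", check_latest_delegate(sample(*ids))[2])
```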



