>> Yes, you're right. The current text conflates the two issues of the issuer
>> authorising the presenter, versus the consumer identifying the issuer. I
>> think the right way to do this is at the binding level using the
>> response's Recipient attribute, which needs to name the NAS.
>
> I thought the goal was to relate the AAA entity sending the message to the
> SAML entity issuing it, and that wouldn't be Recipient.
Sigh, I got the Requester and Presenter the wrong way around. Is this then
best tackled using subject confirmation? If so, would it be too much of a
stretch to use Holder of Key where the KeyInfo contains a KeyName naming the
AAA entity?

Josh.

Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
not-for-profit company which is registered in England under No. 2881024 and
whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford,
Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238

_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
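Added example, not part of the thread and not taken from any ABFAB draft: a consumer-side check for the idea floated in the message above, in which a holder-of-key SubjectConfirmation carries a ds:KeyName naming the AAA entity that presents the assertion, while SubjectConfirmationData/@Recipient names the consumer (the NAS). It uses the standard SAML 2.0 and XML-DSig namespaces and the SAML 2.0 holder-of-key confirmation method URI; the entity names, the presenter identity (assumed to come from the AAA transport, e.g. the peer identity on a RadSec connection) and the sample assertion are constructed for illustration, and signing is omitted.

```python
"""Consumer-side check for the holder-of-key/KeyName proposal discussed on
the list.  Added illustration only: entity names and the sample assertion are
constructed, and the real AAA peer identity would come from the transport."""

import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"

ET.register_namespace("saml", SAML)
ET.register_namespace("ds", DS)


def build_assertion(issuer, subject, aaa_keyname, recipient):
    """Build a minimal, unsigned assertion whose holder-of-key confirmation
    names the presenting AAA entity via ds:KeyName, and whose Recipient names
    the NAS.  Structure only; a real assertion would be signed."""
    a = ET.Element(f"{{{SAML}}}Assertion", {"Version": "2.0", "ID": "_a1"})
    ET.SubElement(a, f"{{{SAML}}}Issuer").text = issuer
    subj = ET.SubElement(a, f"{{{SAML}}}Subject")
    ET.SubElement(subj, f"{{{SAML}}}NameID").text = subject
    sc = ET.SubElement(subj, f"{{{SAML}}}SubjectConfirmation", {"Method": HOK})
    scd = ET.SubElement(sc, f"{{{SAML}}}SubjectConfirmationData",
                        {"Recipient": recipient})
    ki = ET.SubElement(scd, f"{{{DS}}}KeyInfo")
    ET.SubElement(ki, f"{{{DS}}}KeyName").text = aaa_keyname
    return ET.tostring(a, encoding="unicode")


def check_presenter(assertion_xml, presenting_aaa_entity, my_entity):
    """Return (ok, reason).

    presenting_aaa_entity: identity of the AAA peer the assertion actually
        arrived from, as established by the AAA transport (assumed input).
    my_entity: the consumer's (NAS's) own name.
    Neither value is read from the assertion; the assertion is checked
    against them, which is what binds issuer to presenter."""
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext(f"{{{SAML}}}Issuer")
    if not issuer:
        return False, "no Issuer"
    path = f"{{{SAML}}}Subject/{{{SAML}}}SubjectConfirmation"
    for sc in root.iterfind(path):
        if sc.get("Method") != HOK:
            continue
        scd = sc.find(f"{{{SAML}}}SubjectConfirmationData")
        if scd is None:
            continue
        # Recipient identifies the consumer, not the presenter.
        if scd.get("Recipient") != my_entity:
            return False, "Recipient does not name this consumer"
        # KeyName identifies the presenter; it must match the AAA peer we
        # actually received the message from.
        keyname = scd.findtext(f"{{{DS}}}KeyInfo/{{{DS}}}KeyName")
        if keyname != presenting_aaa_entity:
            return False, "KeyName does not match presenting AAA entity"
        return True, f"issuer {issuer} bound to AAA presenter {keyname}"
    return False, "no holder-of-key SubjectConfirmation"


# Constructed sample: IdP issues for alice, presented by the IdP's AAA server,
# addressed to the RP's NAS.
SAMPLE = build_assertion("https://idp.example.org/saml", "alice@example.org",
                         "aaa.idp.example.org", "nas.rp.example.net")

if __name__ == "__main__":
    print(check_presenter(SAMPLE, "aaa.idp.example.org", "nas.rp.example.net"))
    print(check_presenter(SAMPLE, "aaa.other.example", "nas.rp.example.net"))
```

The two inputs to check_presenter are deliberately separate: the Recipient check answers "was this meant for me", and the KeyName check answers "did it come from the AAA entity it claims", which is the relation the quoted message says Recipient alone cannot express.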
