On 11/12/13, 3:16 AM, "Josh Howlett" <[email protected]> wrote:
>>>
>>>Sigh, I got the Requester and Presenter the wrong way around. Is this
>>>then best tackled using subject confirmation? If so, would it be too
>>>much of a stretch to use Holder of Key where the KeyInfo contains a
>>>KeyName naming the AAA entity?
>>
>>That only works in one direction, and I think you need both here.
>
>Not for the specific issue -- of the AAA entity demonstrating its
>authority to wield the assertion to the RP -- that Sam highlighted.

If it's acting as the entity being authenticated by the assertion, then
that would be subject confirmation of some kind, yes. Holder of key can be
interpreted pretty generally if it's desired.

But I don't see how that entity is really acting as the attesting entity.
It's not acting on behalf of the subject of the assertion, is it?

-- Scott


_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
