On Tue, 2008-04-01 at 08:34 +0530, Prabath Siriwardena wrote:
> Hi;
>
> As per [1] : (In [2] this is defined as <AudienceRestriction> )
>
> <extract>
>
> 2.3.2.1.3 Elements <AudienceRestrictionCondition> and <Audience>
> -----------------------------------------------------------------
>
> The <AudienceRestrictionCondition> element specifies that the assertion
> is addressed to one or more specific audiences identified by <Audience>
> elements. Although a SAML relying party that is outside the audiences
> specified is capable of drawing conclusions from an assertion, the SAML
> authority explicitly makes no representation as to accuracy or
> trustworthiness to such a party. It contains the following elements:
>
> <Audience>
> -----------
> A URI reference that identifies an intended audience. The URI reference
> MAY identify a document that describes the terms and conditions of
> audience membership.
>
> The audience restriction condition evaluates to Valid if and only if the
> SAML relying party is a member of one or more of the audiences specified.
>
> The SAML authority cannot prevent a party to whom the assertion is
> disclosed from taking action on the basis of the information provided.
> However, the <AudienceRestrictionCondition> element allows the SAML
> authority to state explicitly that no warranty is provided to such a
> party in a machine- and human-readable form. While there can be no
> guarantee that a court would uphold such a warranty exclusion in
>
> </extract>
>
> This is an optional element, which we currently do not support.
>
> I think it's logical to add an AudienceRestriction, by default to
> "AppliesToAddress" - when present.
>
> Thoughts?

+1

Regards,
Dimuthu

>
> Thanks & regards.
> - Prabath
>
> [1]:http://www.oasis-open.org/committees/download.php/3406/oasis-sstc-saml-core-1.1.pdf
> [2]:http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
>
> _______________________________________________
> Identity-dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/identity-dev
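
The evaluation rule quoted in the extract, as seen from the relying party, written as an added example that is not part of the thread or of WSO2's code. The function names, the `require_restriction` switch and the `rp.example.org` address are assumptions made for the illustration, and the sample assertions are constructed and unsigned.

```python
import xml.etree.ElementTree as ET

# Restriction element name per assertion namespace, following the two specs
# cited in the thread (SAML 1.1 assertions use the 1.0 namespace URI).
RESTRICTION = {
    "urn:oasis:names:tc:SAML:1.0:assertion": "AudienceRestrictionCondition",
    "urn:oasis:names:tc:SAML:2.0:assertion": "AudienceRestriction",
}

def audience_valid(assertion_xml, my_audiences, require_restriction=False):
    """Evaluate audience restrictions for a relying party.

    Assumes the assertion signature was verified before this call.
    my_audiences: URIs this relying party answers to (exact string match).
    require_restriction: hypothetical strict-policy switch; since the element
    is optional, the default accepts an assertion that carries none.
    """
    root = ET.fromstring(assertion_xml)
    ns = root.tag[1:].partition("}")[0] if root.tag.startswith("{") else ""
    if ns not in RESTRICTION or root.tag != "{%s}Assertion" % ns:
        raise ValueError("not a SAML 1.1 or 2.0 assertion")
    q = lambda name: "{%s}%s" % (ns, name)
    mine = set(my_audiences)
    restrictions = root.findall("%s/%s" % (q("Conditions"), q(RESTRICTION[ns])))
    if not restrictions:
        return not require_restriction
    for r in restrictions:  # every restriction present must be satisfied
        named = {(a.text or "").strip() for a in r.findall(q("Audience"))}
        if not named & mine:  # member of none of the listed audiences
            return False
    return True

def sample_assertion(ns, audiences):
    """Build a constructed, unsigned assertion skeleton for the demo."""
    el = RESTRICTION[ns]
    auds = "".join("<Audience>%s</Audience>" % a for a in audiences)
    cond = "<Conditions><%s>%s</%s></Conditions>" % (el, auds, el) if audiences else ""
    return '<Assertion xmlns="%s">%s</Assertion>' % (ns, cond)

if __name__ == "__main__":
    rp = "https://rp.example.org/service"  # constructed AppliesTo address
    for ns in RESTRICTION:
        token = sample_assertion(ns, [rp])
        print(ns, audience_valid(token, [rp]),
              audience_valid(token, ["https://other.example.org/"]))
```

With the audience defaulted to the AppliesTo address as proposed, a token replayed to a different relying party fails this check there, provided that party evaluates the condition.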
