Holder of Key and Sender Vouches subject confirmation

Cantor, Scott cantor.2 at osu.edu
Thu Mar 27 11:53:35 EDT 2014


On 3/27/14, 11:49 AM, "Peter Schober" <peter.schober at univie.ac.at> wrote:

>* Cantor, Scott <cantor.2 at osu.edu> [2014-03-27 16:28]:
>> No, that's the required method for SSO. The IdP doesn't support adding
>> additional confirmations except in the specific case of the delegation
>> extension.
>
>Maybe the (broken) link to GridShib should be removed then, which claims
>to "[enable] the IdP to issue Holder-of-Key SAML assertions":
>https://wiki.shibboleth.net/confluence/display/SHIB2/Contributions

Well, I meant "things in the box or that we did as extensions", certainly
somebody else's extension could be supporting this. I don't have any idea,
but Tom was involved with GridShib, so I'm sure he can say if it's
strictly true or not.

But saying "it's only doing bearer" strongly suggests the OP doesn't
understand why it's only doing that, and why it would be very incorrect to
change it to something else.

-- Scott




More information about the users mailing list