A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : claimSigning Extended Key Usage (EKU)
Author(s) : Matt King
Matt Tebo
Wendy Brown
Dave Silver
Chris Louden
Patrick Patterson
Filename : draft-king-pkix-claimsigning-extn-01.txt
Pages : 10
Date : 2011-05-25
This memo specifies an Extended Key Usage (EKU) X.509 certificate
extension which indicates that the certificate holder is authorized
to sign security tokens to assert claims, or attributes, about a
principal.
When an owner of a certificate that asserts the claimSigning EKU
signs a claim, the owner is asserting that a statement about the
principal is true. For example, a IdP secure token service (STS)
would use an X.509 certificate containing the claimSigning EKU to
sign SAML assertions containing an identifier and attributes about a
user. This additional EKU value would further allow the
differentiation of certificates used to identify a particular server
from those used by the server to sign identity or attribute claims.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-king-pkix-claimsigning-extn-01.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-king-pkix-claimsigning-extn-01.txt
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
