I-D Action: draft-king-pkix-claimsigning-extn-03.txt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



A New Internet-Draft is available from the on-line Internet-Drafts directories.

	Title           : claimSigning Extended Key Usage (EKU)
	Author(s)       : Matt King
                          Matt Tebo
                          Wendy Brown
                          Dave Silver
                          Chris Louden
                          Patrick Patterson
	Filename        : draft-king-pkix-claimsigning-extn-03.txt
	Pages           : 13
	Date            : 2011-12-27

   This document specifies an Extended Key Usage (EKU) value which
   indicates that the certificate holder is authorized to sign security
   tokens to assert claims, or attributes, about a subject.

   When a certificate that asserts the claimSigning EKU signs a claim,
   the owner of the service holding that certificate is asserting that a
   statement about the subject is true. For example, a IdP secure token
   service (STS) would use an X.509 certificate containing the
   claimSigning EKU to sign SAML assertions containing an identifier and
   attributes about a user. This EKU value would allow for a separation
   between the designation that a given Identity belongs within a given
   Federation, and the empowerment of that entity within the federation
   to sign claims..  This approach allows for greater flexibility for
   the operators of Federated systems and for Certification Authorities
   and avoids the overloading of other, already established methods
   (such as Assurance Level designation via certificatePolicy OID).



A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-king-pkix-claimsigning-extn-03.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-king-pkix-claimsigning-extn-03.txt

_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt


[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux