
shibboleth-dev - Re: Holder of key - help!


Re: Holder of key - help!


  • From: "Tom Scavo" <>
  • To:
  • Cc: "Josh Howlett" <>
  • Subject: Re: Holder of key - help!
  • Date: Tue, 8 Jan 2008 17:22:15 -0500

On Jan 8, 2008 4:44 PM, Josh Howlett
<>
wrote:
>
> ... "By embedding a public key inside a
> HolderOfKey SubjectConfirmation, the issuer enables a client that can
> prove ownership of the key to use the assertion, while nobody else can
> do so."
>
> How does the issuer know the client's public key?

Suppose, for example, that a user self-queries an IdP for attributes
and authenticates using an X.509 certificate. The user proves
possession of the corresponding private key and the IdP, therefore,
binds the user's public key (certificate) to the issued assertion.

> How does the Relying Party, in possession of the client's public key,
> use it to validate the client?

Again, suppose the user, now in possession of a signed, holder-of-key
attribute assertion, turns around and presents this assertion to an
SP. Suppose the user authenticates to the SP using the same X.509
certificate s/he used to authenticate to the IdP, and proves
possession of the corresponding private key. Voila! If the
certificates match (i.e., the cert presented to the SP and the cert
bound to the assertion), then holder-of-key subject confirmation has
been met and the SP may accept the assertion.

> I sense that this is intended as a means of binding the issuer's
> assertion to a PKI shared by the issuer, client and relying party -
> which sounds cool. However, I fail to understand the mechanics of how
> this is achieved. Any help/pointers/etc would be greatly appreciated.

Hope this helps,
Tom
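As an added illustration (not part of Tom's message or of Shibboleth), here is the SP-side comparison he describes, written for SAML 2.0 holder-of-key confirmation with the bound certificate carried in ds:KeyInfo; the certificate bytes are constructed stand-ins, and assertion signature verification is assumed to have happened already.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Standard SAML 2.0 assertion and XML-Signature namespaces.
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed stand-ins for DER-encoded certificates (not real X.509 data).
USER_CERT_DER = b"constructed-der-bytes-for-the-user-cert"
OTHER_CERT_DER = b"constructed-der-bytes-for-some-other-cert"


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER bytes; the SP compares certificates by this."""
    return hashlib.sha256(der).hexdigest()


def build_assertion(cert_der: bytes, method: str = HOK) -> str:
    """Constructed IdP output: the certificate the user authenticated with
    is bound into a SubjectConfirmation (ds:Signature omitted here)."""
    b64 = base64.b64encode(cert_der).decode()
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}">
  <saml:Subject>
    <saml:SubjectConfirmation Method="{method}">
      <saml:SubjectConfirmationData>
        <ds:KeyInfo><ds:X509Data>
          <ds:X509Certificate>{b64}</ds:X509Certificate>
        </ds:X509Data></ds:KeyInfo>
      </saml:SubjectConfirmationData>
    </saml:SubjectConfirmation>
  </saml:Subject>
</saml:Assertion>"""


def holder_of_key_confirmed(assertion_xml: str, presented_cert_der: bytes) -> bool:
    """SP-side check: accept only if a holder-of-key SubjectConfirmation
    carries the same certificate the client just authenticated with over
    TLS. Assumes the assertion's signature has already been verified."""
    root = ET.fromstring(assertion_xml)
    presented_fp = fingerprint(presented_cert_der)
    for sc in root.iterfind("saml:Subject/saml:SubjectConfirmation", NS):
        if sc.get("Method") != HOK:
            continue  # bearer (or other) confirmation proves no key possession
        for x509 in sc.iterfind(".//ds:X509Certificate", NS):
            bound = base64.b64decode("".join((x509.text or "").split()))
            if fingerprint(bound) == presented_fp:
                return True
    return False  # no HoK confirmation, or bound cert != presented cert
```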


