saml-dev message

Subject: How does an artifact issuer "authenticate" the sender of the <ArtifactResolve> message?

From: "Costello, Roger L." <costello@mitre.org>
To: <saml-dev@lists.oasis-open.org>
Date: Thu, 22 Jun 2006 09:55:28 -0400

Hi Folks,

In section 3.6.5.2 of the Binding’s specification it says:

If the actual SAML protocol message is intended for a specific recipient, then the artifact’s issuer MUST authenticate the sender of the subsequent <ArtifactResolve> message before returning the actual message.

Question: how does an artifact issuer “authenticate the sender” of the <ArtifactResolve> message? There doesn’t seem to be anything within an <ArtifactResolve> message for authentication.

Thanks. /Roger

Follow-Ups:
- RE: [saml-dev] How does an artifact issuer "authenticate" the sender of the <ArtifactResolve> message?
  - From: "Philpott, Robert" <rphilpott@rsasecurity.com>
- Re: [saml-dev] How does an artifact issuer "authenticate" the sender of the <ArtifactResolve> message?
  - From: "Tom Scavo" <trscavo@gmail.com>