
saml-dev message



Subject: RE: [saml-dev] How does an artifact issuer "authenticate" the sender of the <ArtifactResolve> message?


As the ArtifactResolve message is sent over the SOAP channel, authentication of the sender can take place at the transport level (e.g. using SSL Mutual Authentication, HTTP Basic Authentication over a server-side SSL connection, etc), or at the SAML level by having the requester digitally sign the message and validating the signature at the receiver and making sure the certificate used to validate the message is “trusted”.

 

Rob Philpott
Senior Consulting Engineer
RSA Security Inc.
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020
Email: rphilpott@rsasecurity.com
I-name:  =Rob.Philpott


From: Costello, Roger L. [mailto:costello@mitre.org]
Sent: Thursday, June 22, 2006 9:55 AM
To: saml-dev@lists.oasis-open.org
Subject: [saml-dev] How does an artifact issuer "authenticate" the sender of the <ArtifactResolve> message?

 

Hi Folks,

 

In section 3.6.5.2 of the Binding’s specification it says:

 

If the actual SAML protocol message is intended for a specific recipient, then the artifact’s issuer MUST authenticate the sender of the subsequent <ArtifactResolve> message before returning the actual message.

 

Question: how does an artifact issuer “authenticate the sender” of the <ArtifactResolve> message?  There doesn’t seem to be anything within an <ArtifactResolve> message for authentication.

 

Thanks.  /Roger
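
The issuer-side check the reply describes, as an added example that is not part of the original thread: the stored message is returned only when the identity proven at the transport level or by a validated signature matches both the request's <Issuer> and the artifact's intended recipient. The entity IDs, trust map, store and function names are assumptions, and signature validation itself is not shown.

```python
import xml.etree.ElementTree as ET  # for untrusted input use a hardened parser such as defusedxml

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP = "https://sp.example.org/saml"  # constructed entityID

# Constructed trust map: identity proven on the SOAP channel -> entityID.
TRANSPORT_IDS = {"CN=sp.example.org": SP}

# Constructed request, as the issuer would receive it in the SOAP body.
SAMPLE_REQUEST = f"""<samlp:ArtifactResolve xmlns:samlp="{NS['samlp']}"
    xmlns:saml="{NS['saml']}" ID="_r1" Version="2.0"
    IssueInstant="2006-06-22T14:00:00Z">
  <saml:Issuer>{SP}</saml:Issuer>
  <samlp:Artifact>ARTIFACT-0001</samlp:Artifact>
</samlp:ArtifactResolve>"""


def new_store():
    """Constructed issuer state: artifact -> (intended recipient, message)."""
    return {"ARTIFACT-0001": (SP, "<samlp:Response>...</samlp:Response>")}


def resolve(xml_text, store, transport_id=None, verified_signer=None):
    """Return the stored message only to its authenticated intended recipient.

    transport_id: identity the transport layer proved (TLS client cert
    subject or HTTP Basic user). verified_signer: entityID whose trusted
    certificate validated the message signature (verification not shown).
    """
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}ArtifactResolve" % NS["samlp"]:
        return None
    claimed = (root.findtext("saml:Issuer", namespaces=NS) or "").strip()
    artifact = (root.findtext("samlp:Artifact", namespaces=NS) or "").strip()
    # Collect every identity that was actually proven; they must agree.
    proven = {i for i in (TRANSPORT_IDS.get(transport_id), verified_signer) if i}
    if len(proven) != 1 or claimed not in proven:
        return None  # unauthenticated, conflicting, or Issuer not proven
    recipient, message = store.get(artifact, (None, None))
    if recipient != claimed:
        return None  # unknown artifact or message meant for someone else
    del store[artifact]  # the binding also expects artifacts to be single-use
    return message
```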


