[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] How does an artifact issuer "authenticate" the sender of the <ArtifactResolve> message?
As the ArtifactResolve message is sent
over the SOAP channel, authentication of the sender can take place at the
transport level (e.g. using SSL Mutual Authentication, HTTP Basic Authentication
over a server-side SSL connection, etc), or at the SAML level by having the
requester digitally sign the message and validating the signature at the
receiver and making sure the certificate used to validate the message is “trusted”. Rob Philpott From: Costello, Roger
L. [mailto:costello@mitre.org] Hi Folks, In section 3.6.5.2 of the
Binding’s specification it says: If the actual SAML protocol message is intended for a
specific recipient, then the artifact’s issuer MUST authenticate the
sender of the subsequent <ArtifactResolve> message before returning the
actual message. Question: how does an artifact issuer
“authenticate the sender” of the <ArtifactResolve>
message? There doesn’t seem to be anything within an
<ArtifactResolve> message for authentication. Thanks. /Roger |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]