[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] Destination vs. Recipient and signing of Assertion vs. Response
On 11/22/07, Scott Cantor <cantor.2@osu.edu> wrote: > > I believe that the SSO profile says explicitly that you can sign > either layer, but I don't have it in front of me right this second. See the SAML V2.0 Errata document: http://docs.oasis-open.org/security/saml/v2.0/sstc-saml-approved-errata-2.0.pdf Lines 625--630 say the following: Original at Section 4.1.4.5, lines 600-601: If the HTTP POST binding is used to deliver the <Response>, the enclosed assertion(s) MUST be signed. New at Section 4.1.4.5, lines 600-601: If the HTTP POST binding is used to deliver the <Response>, each assertion MUST be protected by a digital signature. This can be accomplished by signing each individual <Assertion> element or by signing the <Response> element. Hope this helps, Tom
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]