OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [saml-dev] Re: [Shib-Users] shib2 sp + unsigned slo messages


> Yup, I know the profile doc says so. But I don't understand what
> threat you are protecting against when ensuring integrity of the
> LogoutRequest?

I would imagine it's to prevent somebody from invalidating somebody else's
session. It probably was more of a response requirement and just got put in
for symmetry. Responses certainly have to be signed or the protocol is
useless.

-- Scott




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]