[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] Verifying SAML SSO responses...
> I see the signatures in the response XML, however I don't know what I > need to do to very the "signatures". Can someone explain, or point me > to a resource? Core includes a section detailing SAML use of XML Signature, with appropriate reference to the standard, currently the 1.0 Second Edition document (per the errata, which you certainly had better be using, not the original documents). That's merely the smallest part of the question. Verifying signatures is both an XML and cryptogrpaphic processing issue (using an appropriate library or writing one), but then you have trust management, which is a whole other set of issues. > I do have all the OASIS specs, and have read them several times, but I > don't recall seeing where this was explained. Verifying the signature is addressed fully, trusting it is not, it was out of scope. The only defined profile for this is the Metadata Interoperability Profile, which is a Committee Spec. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]