OASIS Mailing List Archives

saml-dev message



Subject: Discrepancy in SAML Spec


Hi all,

I just found a discrepancy in the current published version of the SAML
2.0 Profiles specification.
http://www.oasis-open.org/committees/download.php/35389/sstc-saml-profiles-errata-2.0-wd-06-diff.pdf

On the one hand, the Web SSO Profile specifies (section 4.1.3.5, lines
553-555):
"The <Assertion> element(s) in the <Response> MUST be signed, if the
HTTP POST binding is used."

On the other hand, section 4.1.4.5 (lines 685-687) defines:
"If the HTTP POST binding is used to deliver the <Response> each
assertion MUST be protected by a digital signature. This can be
accomplished by signing each individual <Assertion> element or by
signing the <Response> element."

I hope this is the correct mailing list for filing such an issue.

Best regards,
Bernd
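
The two readings quoted in the message above can be compared on a concrete message. The following is an added example, not part of the original post or of the SAML specification; the function names, result keys and the sample `<Response>` are constructed for illustration, and the check is structural only (it does not verify digests or signature values).

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: the <Response> carries a signature, the <Assertion> does not.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1">
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#_r1"/></ds:SignedInfo></ds:Signature>
  <saml:Assertion ID="_a1"><saml:Issuer>https://idp.example</saml:Issuer></saml:Assertion>
</samlp:Response>"""


def has_enveloped_signature(elem):
    """True if elem has a direct-child ds:Signature whose only Reference
    points at elem's own ID. Structural check, no cryptographic verification."""
    elem_id = elem.get("ID")
    if not elem_id:
        return False
    for sig in elem.findall("ds:Signature", NS):
        uris = [r.get("URI") for r in sig.findall("ds:SignedInfo/ds:Reference", NS)]
        if uris == ["#" + elem_id]:
            return True
    return False


def check_post_response(xml_text):
    """Evaluate a POST-binding <Response> against both quoted sentences."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    # Only plain <Assertion> children are considered; encrypted ones are not handled.
    assertions = root.findall("saml:Assertion", NS)
    response_signed = has_enveloped_signature(root)
    each_signed = bool(assertions) and all(has_enveloped_signature(a) for a in assertions)
    return {
        # Section 4.1.3.5 as quoted: the <Assertion> element(s) MUST be signed.
        "assertion_signed_4_1_3_5": each_signed,
        # Section 4.1.4.5 as quoted: each <Assertion> signed, or the <Response> signed.
        "protected_4_1_4_5": bool(assertions) and (each_signed or response_signed),
    }
```

For the constructed sample the two sentences disagree: the message satisfies the wording of 4.1.4.5 but not that of 4.1.3.5.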

