Subject: Discrepancy in SAML Spec
Hi all,

I just found a discrepancy in the current published version of the SAML 2.0 Profiles specification.

http://www.oasis-open.org/committees/download.php/35389/sstc-saml-profiles-errata-2.0-wd-06-diff.pdf

On the one hand, the Web SSO Profile specifies (section 4.1.3.5, lines 553-555):

"The <Assertion> element(s) in the <Response> MUST be signed, if the HTTP POST binding is used."

On the other hand, section 4.1.4.5 (lines 685-687) defines:

If the HTTP POST binding is used to deliver the <Response> each assertion MUST be protected by a digital signature. This can be accomplished by signing each individual <Assertion> element or by signing the <Response> element.

I hope this is the correct mailing list for filing such an issue.

Best regards,
Bernd
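
An added example, not part of the message above or of the specification: a structural check showing that a message signed only at the <Response> level satisfies the sentence quoted from 4.1.4.5 but not the one from 4.1.3.5 when that sentence is read literally. The namespaces are the standard SAML 2.0 and XML Signature ones; the sample messages, their IDs and all function names are constructed for illustration, and no cryptographic verification is performed.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def signs_itself(elem):
    """True if elem has a direct ds:Signature child whose single Reference
    points at elem's own ID (a Reference to some other element does not count)."""
    refs = elem.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    elem_id = elem.get("ID")
    return bool(elem_id) and len(refs) == 1 and refs[0].get("URI") == "#" + elem_id

def signature_coverage(response_xml):
    """Report which of the two quoted sentences a <Response> satisfies.
    Structural check only: signature values are never verified here."""
    root = ET.fromstring(response_xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("root element is not samlp:Response")
    assertions = root.findall("saml:Assertion", NS)
    each_signed = bool(assertions) and all(signs_itself(a) for a in assertions)
    return {
        "assertions": len(assertions),
        # 4.1.3.5 read literally: every <Assertion> carries its own signature
        "meets_4_1_3_5": each_signed,
        # 4.1.4.5: signed assertions OR a signed enclosing <Response>
        "meets_4_1_4_5": bool(assertions) and (each_signed or signs_itself(root)),
    }

def _sig(ref_id):
    return ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#%s"/>'
            '</ds:SignedInfo></ds:Signature>' % ref_id)

def sample(sign_response, sign_assertion):
    """Constructed sample message with one assertion (IDs r1/a1 are made up)."""
    head = ('<samlp:Response xmlns:samlp="%(samlp)s" xmlns:saml="%(saml)s" '
            'xmlns:ds="%(ds)s" ID="r1">' % NS)
    return (head + (_sig("r1") if sign_response else "")
            + '<saml:Assertion ID="a1">' + (_sig("a1") if sign_assertion else "")
            + '</saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    for resp, asrt in [(True, False), (False, True), (False, False)]:
        print(resp, asrt, signature_coverage(sample(resp, asrt)))
```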