Subject: RE: [security-services] [XML Signature] SAML profile of XML Signature
One thing that has been a concern for me throughout DigSig is that the terminally clueless are apt to write a routine of the form:

1) Take Assertion
2) Check Signature
3) Trust the assertion

The problem being that the scope of the signature may not be correct. An application that uses DigSig should do the following:

1) Take Assertion
2) Process through the transformation steps specified in the Signature
3) Check the signature
4) Trust the output of the transformation steps.

Phill

Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227

> -----Original Message-----
> From: Krishna Sankar [mailto:ksankar@cisco.com]
> Sent: Wednesday, October 24, 2001 10:07 PM
> To: oasis sstc
> Subject: [security-services] [XML Signature] SAML profile of XML Signature
>
> Hi all,
>
> Here is version 0.002. I have the change bars (for those who had read thru the previous version).
>
> 1. Would like to get a read on the document. What else needs to be added? My initial feeling is that we leave the keyInfo, the choice of algorithms et al to the users. IMHO, this spec should be as thin as possible.
> 2. Are you comfortable with the issues and resolution in Section 6?
> 3. There is the issue of associating payload with a header et al. I think that belongs to the bindings document as there is no generic way of expressing this relationship without knowing the protocol (e.g. SOAP).
>
> cheers
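The two verifier shapes Phill contrasts, as an added illustration that is not part of the thread: a simplified model in which the "signature" is an HMAC (constructed demo key, no KeyInfo, no canonicalization) over the subtree that a same-document Reference URI selects, so it is not a real XML-DSig implementation, only a demonstration of why the application must consume the transform output rather than the whole assertion.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed demo key; stands in for the signer's key (no KeyInfo handling here).
DEMO_KEY = b"constructed-demo-key"

def _reference_target(doc, ref_id):
    """The 'transformation step': resolve Reference URI '#ref_id' to the element
    it names, i.e. select the bytes the signature actually covers."""
    target = doc.find(f".//*[@Id='{ref_id}']")
    if target is None:
        raise ValueError(f"referenced element #{ref_id} not found")
    return target

def _mac(elem):
    # Stand-in for DigestValue/SignatureValue: HMAC over the serialized subtree.
    # Real XML-DSig canonicalizes first; the samples below have no whitespace to normalize.
    return hmac.new(DEMO_KEY, ET.tostring(elem), hashlib.sha256).hexdigest()

def sign_reference(xml_text, ref_id):
    return _mac(_reference_target(ET.fromstring(xml_text), ref_id))

def verify_naive(xml_text, ref_id, sig):
    """Steps 1-3 of the mail: check the signature, then trust the whole assertion."""
    doc = ET.fromstring(xml_text)
    if not hmac.compare_digest(_mac(_reference_target(doc, ref_id)), sig):
        raise ValueError("signature check failed")
    return doc  # includes elements the signature never covered

def verify_scoped(xml_text, ref_id, sig):
    """Steps 1-4 of the mail: trust only the output of the transformation step."""
    doc = ET.fromstring(xml_text)
    target = _reference_target(doc, ref_id)
    if not hmac.compare_digest(_mac(target), sig):
        raise ValueError("signature check failed")
    return target  # only the subtree the Reference selected

# Constructed sample: only <Subject Id="a1"> is referenced by the signature.
ORIGINAL = ('<Assertion><Subject Id="a1"><NameID>alice</NameID></Subject>'
            '<Role>user</Role></Assertion>')
# Same signed Subject, but the unsigned sibling <Role> now reads differently.
ALTERED = ORIGINAL.replace('<Role>user</Role>', '<Role>admin</Role>')

def role_seen_by(verifier, xml_text, sig):
    """The role each verifier would hand to the application, if any."""
    out = verifier(xml_text, "a1", sig)
    role = out.find("Role") if out.tag == "Assertion" else None
    return role.text if role is not None else None
```

With the signature computed over ORIGINAL, the naive verifier accepts ALTERED and hands the application the unsigned "admin" role, while the scoped verifier returns only the Subject subtree and never sees a role at all.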