Subject: [security-services] errata on SAML core, section 5.3 Signature Inheritance
Sorry if this might have been mentioned before, but section 5.3 of cs-sstc-core-00.pdf seems poorly-written enough to be potentially problematic.

Section 5.3.1 supplies rationale. Lines 1398 and 1399 say:

    In such a case, the SAML sub-message (Assertion, request, response) may be viewed as inheriting a signature from the "super-signature" over the enclosing object, provided certain constraints are met.

Lines 1400-1401 offer only one such constraint, labelled (1). Lines 1402-1403 repeat this text, without the label.

Section 5.3.2, called "Rules for SAML Signature Inheritance", as far as I can tell says exactly what the previous section says, adding only the sentence in line 1408: 'The SAML message inherits the "closest enclosing signature."'

It looks to me like there needs to be only a section 5.3, and that the lines 1398-1410 could be reduced to three or four lines.

I'd supply the text but I'm too tired right now.

- RL "Bob"