Subject: AI 0027, proposed signature note text
Here is some possible new text for the Note (Action item 27, http://www.oasis-open.org/apps/org/workgroup/security/members/action_item.php?action_item_id=80 )

Note:

* Unless a profile specifies an alternative signature mechanism, enveloped XML Digital Signatures are to be used.

* A digital signature is NOT always required in SAML. It is useful to characterize these situations.

* In some circumstances signatures may be "inherited", such as an unsigned assertion "inheriting" signature benefits from a signature on the containing message. "Inherited" signatures should be used with care when the contained object (such as the assertion) is intended to have a lifetime. The reason is that the entire context must be retained for validation, exposing the messaging content and adding potentially unnecessary overhead.

* Profiles may specify alternative signature mechanisms such as S/MIME or signed Java objects that contain SAML documents. Caveats about retaining context and interoperability apply. XML Signatures are intended to be the primary SAML signature mechanism, but the specifications attempt to ensure compatibility with profiles that may require other digital signing mechanisms.

regards, Frederick

Frederick Hirsch
Nokia Mobile Phones
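An added example, not part of the original message: a structural check that reports, for each assertion in a message, whether it carries its own enveloped signature or only "inherits" one from the containing message, in which case the whole message must be retained to validate it later. The SAML 2.0 element names, the sample document and the function names are assumptions made for illustration; the code inspects structure only and does not verify any signature value.

```python
import xml.etree.ElementTree as ET  # use a hardened parser for untrusted input

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: a signed Response holding one unsigned and one signed
# Assertion. Signature elements are abbreviated and carry no cryptographic values.
SAMPLE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_resp1">
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#_resp1"/></ds:SignedInfo></ds:Signature>
  <saml:Assertion ID="_a1"><saml:Issuer>idp.example</saml:Issuer></saml:Assertion>
  <saml:Assertion ID="_a2"><saml:Issuer>idp.example</saml:Issuer>
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a2"/></ds:SignedInfo></ds:Signature>
  </saml:Assertion>
</samlp:Response>
"""

def has_enveloped_signature(elem):
    """True if elem has a direct ds:Signature child referencing elem's own ID."""
    elem_id = elem.get("ID")
    if not elem_id:
        return False
    for sig in elem.findall("ds:Signature", NS):
        refs = [r.get("URI") for r in sig.findall("ds:SignedInfo/ds:Reference", NS)]
        if refs == ["#" + elem_id]:
            return True
    return False

def classify_assertions(xml_text):
    """Map each Assertion ID to 'own', 'inherited' or 'unsigned'."""
    root = ET.fromstring(xml_text)
    message_signed = has_enveloped_signature(root)
    result = {}
    for assertion in root.findall("saml:Assertion", NS):
        if has_enveloped_signature(assertion):
            result[assertion.get("ID")] = "own"        # validates stand-alone
        else:
            # 'inherited' means the full containing message must be kept
            result[assertion.get("ID")] = "inherited" if message_signed else "unsigned"
    return result

if __name__ == "__main__":
    for assertion_id, status in classify_assertions(SAMPLE).items():
        print(assertion_id, status)
```
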