OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Propose addition of a SubjectRef element

> What about the integrity of an assertion that references a subject in
> another assertion. Couldn't this situation be really problematic,
> especially spoofed by replacing the referenced subject in an assertion
> with another assertion with a different subject? Or even an 
> accidental mix up?

That can be ruled out in the spec, and isn't legal schematically in most
cases if the SubjectRef pointer is typed as an IDREF since the ID must
appear in the same XML document. Some assertions could appear together in a
message, granted, but that's not the intent of the optimization.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]