[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] AssertionConsumerServiceIndex vs. AssertionConsumerURL
Scott Cantor wrote on 8/25/2004, 2:29 PM: > > So here's how it's an issue: > > <SubjectConfirmationData Recipient="URL submitted by bad provider"> Ahh... makes more sense now. I thought the Recipient would have a ProviderID in it, not the URL that the response was sent to. I'm not sure we want the URL in there in cases where this assertion isn't being used on an browser based SSO transaction. Need to think about this some more. Conor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]