[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Authentication Response IssuerName vs. Assertion IssuerName
> Yes, then there's an errata. Line 541 in profiles. Basically > says issuer (for an AuthnRequest Response) MAY be omitted. I > believe this is the only spot in profiles. > > Jahan, can you add an errata item to change line 541 to > > "the <Issuer> element MUST be present and MUST contain the > unique identifieir of the" > > The main reason is that Issuer should should be a MUST in the > SSO Response protocol. Ah, ok. So I think the point there was to allow people to assume Issuer based on the Assertion, thus your point about encryption... A compromise might be to just say, if you encrypt the assertion, it's required, otherwise it MAY be omitted. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]