OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [security-services] Authentication Response IssuerName vs. As sertionIssuerName




Scott Cantor wrote on 6/9/2005, 8:49 PM:

 > > I am concerned about making this a must.  While I think there
 >
 > I think it has to be a MUST if you're encrypting, or there's no way to
 > know
 > who's sent you the assertion. We could add some kind of xenc extension to
 > carry something about that, but we didn't do that.

I think it probably should also be a MUST if your signing the
response.

My main concern is for when the response isn't signed.

Conor




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]