[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Authentication Response IssuerName vs. As sertionIssuerName
Scott Cantor wrote on 6/9/2005, 8:49 PM: > > I am concerned about making this a must. While I think there > > I think it has to be a MUST if you're encrypting, or there's no way to > know > who's sent you the assertion. We could add some kind of xenc extension to > carry something about that, but we didn't do that. I think it probably should also be a MUST if your signing the response. My main concern is for when the response isn't signed. Conor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]