[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Authentication Response IssuerName vs. As sertionIssuerName
I was adding onto Scott's point (so Scott said a MUST for encrypting and I said it probably should *also* be a MUST for signing.Conor, what do you do in the case where the Response is not signed but someone is sending you an EncryptedAssertion?
How do you know who the issuer is (particularly if it's an unsolicited Response)?
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]