OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Authentication Response IssuerName vs. As sertionIssuerName



Thomas Wisniewski wrote on 6/10/2005, 10:16 AM:

Conor, what do you do in the case where the Response is not signed but someone is sending you an EncryptedAssertion?

How do you know who the issuer is (particularly if it's an unsolicited Response)?

I was adding onto Scott's point (so Scott said a MUST for encrypting and I said it probably should *also* be a MUST for signing.

I guess I could have clarified my concern to say "when the response isn't signed and the assertion is not encrypted".

Conor

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]