OASIS Mailing List Archives

security-services message



Subject: RE: [security-services] Authentication Response IssuerName vs. Assertion IssuerName


> I think it probably should also be a MUST if you're signing the
> response.
> 
> My main concern is for when the response isn't signed.

Ok, so with respect to the SSO profile, I would suggest changing lines
541-543 of profiles to:

"If the <Response> message is signed or if an enclosed assertion is
encrypted, then the <Issuer> element MUST be present. Otherwise it MAY be
omitted. If present it MUST contain the unique identifier of the issuing
identity provider; the Format attribute MUST be omitted or have a value of
urn:oasis:names:tc:SAML:2.0:nameid-format:entity."

-- Scott
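
The wording proposed above, written as a structural check on a received `<Response>`. This is an added example, not part of the original message or of any SAML implementation. The function name, the `expected_idp` parameter and the sample messages are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
ENTITY = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"


def check_response_issuer(xml_text, expected_idp=None):
    """Return the violations of the proposed <Issuer> rule (empty list = OK).

    Structural check only: it neither verifies the signature nor decrypts.
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}Response":
        return ["root element is not samlp:Response"]
    # Only direct children count: an Issuer or Signature nested inside an
    # Assertion belongs to that assertion, not to the Response.
    issuer = root.find(f"{{{SAML}}}Issuer")
    signed = root.find(f"{{{DSIG}}}Signature") is not None
    encrypted = root.find(f"{{{SAML}}}EncryptedAssertion") is not None
    if issuer is None:
        if signed or encrypted:
            return ["Issuer MUST be present (signed response or encrypted assertion)"]
        return []  # unsigned, nothing encrypted: Issuer MAY be omitted
    problems = []
    fmt = issuer.get("Format")
    if fmt is not None and fmt != ENTITY:
        problems.append("Issuer Format MUST be omitted or be the entity format")
    value = (issuer.text or "").strip()
    if not value:
        problems.append("Issuer MUST contain the identity provider's identifier")
    elif expected_idp is not None and value != expected_idp:
        problems.append("Issuer does not match the expected identity provider")
    return problems


def sample(children):
    """Build a constructed Response for the checks; not a real IdP message."""
    return (f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
            f'xmlns:ds="{DSIG}">{children}</samlp:Response>')


# Constructed fragments (hypothetical IdP identifier).
ISSUER = "<saml:Issuer>https://idp.example.org</saml:Issuer>"
SIG = "<ds:Signature/>"
ENC = "<saml:EncryptedAssertion/>"
PLAIN = f"<saml:Assertion>{ISSUER}</saml:Assertion>"
```

The unsigned case the thread is concerned about is the one where the check returns no violation even though the `<Response>` itself names no issuer, so the relying party has only the assertion-level `<Issuer>` to go on.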


