
security-services message



Subject: RE: [security-services] X509 Authn Attribute Profile erratum?


I believe the intro is wrong and that section 4.2.1 is correct.  I recommend changing the phrase:

 

both by signing the <Response> message and through TLS or SSL server authentication.

 

To

 

both by signing the <Assertion> element in the <Response> message and sending the <Response> using TLS or SSL server authentication.

 

Rob Philpott
Senior Consulting Engineer
RSA Security Inc.
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020
Email: rphilpott@rsasecurity.com
I-name:  =Rob.Philpott


From: Ari Kermaier [mailto:ari.kermaier@oracle.com]
Sent: Tuesday, April 04, 2006 11:36 AM
To: security-services@lists.oasis-open.org
Subject: [security-services] X509 Authn Attribute Profile erratum?

 

In the overview in Section 4 "Encrypted/Signed Mode" line 194, the profile specifies that the responding IdP MUST sign the <Response>.

 

In Section 4.2.1 "<Response> Usage" line 250 and in Section 4.2.3 "Use of Digital Signatures" line 280 it specifies that the <Assertion> MUST be signed.

 

Which is it?

 

Ari Kermaier
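
An added example, not part of either message or of the profile text: a structural check for the reading recommended in the reply, that the signature must sit on the `<Assertion>` itself and not only on the enclosing `<Response>`. It inspects only where each enveloped `ds:Signature` is placed and what its `Reference` points to; it does not verify the signature cryptographically, and it assumes the assertion is present unencrypted. The function names and sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def _carries_own_signature(elem):
    """True if elem has a direct-child ds:Signature whose single Reference is '#<elem ID>'."""
    elem_id = elem.get("ID")
    sig = elem.find("ds:Signature", NS)  # direct child only, not a descendant's signature
    if not elem_id or sig is None:
        return False
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    return len(refs) == 1 and refs[0].get("URI") == "#" + elem_id

def signature_placement(response_xml):
    """Report which of the Response and its Assertions carry their own signature."""
    root = ET.fromstring(response_xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("document root is not samlp:Response")
    return {
        "response_signed": _carries_own_signature(root),
        "assertions": [(a.get("ID"), _carries_own_signature(a))
                       for a in root.findall("saml:Assertion", NS)],
    }

def assertion_is_signed(response_xml):
    """Section 4.2.1 reading: every Assertion must be signed; a Response signature alone is not enough."""
    found = signature_placement(response_xml)["assertions"]
    return bool(found) and all(ok for _, ok in found)

def sample(sign_response, sign_assertion):
    """Constructed skeleton Response; signature values and digests are omitted."""
    def sig(ref):
        return ('<ds:Signature xmlns:ds="%s"><ds:SignedInfo><ds:Reference URI="#%s"/>'
                '</ds:SignedInfo></ds:Signature>' % (NS["ds"], ref))
    return ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="r1">%s'
            '<saml:Assertion ID="a1">%s</saml:Assertion></samlp:Response>'
            % (NS["samlp"], NS["saml"],
               sig("r1") if sign_response else "",
               sig("a1") if sign_assertion else ""))

if __name__ == "__main__":
    for flags in [(True, False), (False, True), (True, True)]:
        print(flags, signature_placement(sample(*flags)), assertion_is_signed(sample(*flags)))
```
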

 


