Subject: Re: [security-services] Assertion signing confusion
Sorry, indeed you did. E26, I think. I must have missed that -- it is a rather large set of changes.

ET

On 3/1/07 2:04 PM, "Scott Cantor" <cantor.2@osu.edu> wrote:

>> So this is a general statement about all profiles where assertions and
>> signing are concerned. However, the SAML profile document makes other
>> statements which seem to make more strict requirements (sect 4.1.3.5,
>> lines 497-500).
>>
>> "The <Assertion> element(s) in the <Response> MUST be signed, if the HTTP
>> POST binding is used, and MAY be signed if the HTTP-Artifact binding is
>> used."
>
> This is already fixed in errata.
>
>> I think that this may add to the impression that the <Assertion> element
>> itself must be signed.
>
> Yes, that's the point though. If you say you want the assertion signed,
> that's what you should get, not the response.
>
>> So I would suggest that clarifying language be added in the Profile document
>> around 4.1.3.5 line 500 indicating that the "signature inheritance" notion
>> applies to the <Assertion> element in a POST message --- if that is indeed
>> the intent.
>
> We did.
>
> -- Scott
>

--
____________________________________________________
Eric Tiffany | eric@projectliberty.org
Interop Tech Lead | +1 413-458-3743
Liberty Alliance | +1 413-627-1778 mobile