[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] comments re sstc-saml-holder-of-key-browser-sso-draft-07
> Well, the other alternative is to return an error, right? For the IdP? Sure. That's the point. You just have prior knowledge about what might happen, so you can save it the trouble. If signing is a "whatever" sort of operation to the IdP, the logical thing to do is to sign if the flag is true, and do whatever the default is if it's not. If it's a major operation that the IdP doesn't normally like to do, then you'd probably consider returning an error. > > I don't understand what's so vague about that. > > If there were a WantAssertionsSigned attribute in AuthnRequest, would > you be inclined to interpret it differently? If it was written as a MUST (in which case that would be a bad name to use), I'd follow it, otherwise I'd do whatever I'm doing now. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]