[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Re: Trust in artifact resolution
Josh Howlett wrote on 2010-02-11: > Additionally, section 3.6.5.2 ("Security Considerations", HTTP > Artifact Binding) of SAML2Bindings states that "...the callback > request/response exchange that returns the actual message MAY be > mutually authenticated and integrity protected, depending on the > environment of use." > > How come the latter is a MAY while the former is a MUST? One is a generic binding spec, the other is a profile of use. My layering at work. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]