[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Re: Trust in artifact resolution
Josh Howlett wrote on 2010-02-11:
> Additionally, section 3.6.5.2 ("Security Considerations", HTTP
> Artifact Binding) of SAML2Bindings states that "...the callback
> request/response exchange that returns the actual message MAY be
> mutually authenticated and integrity protected, depending on the
> environment of use."
>
> How come the latter is a MAY while the former is a MUST?
One is a generic binding spec, the other is a profile of use. My layering at
work.
-- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]