Subject: Re: [wss-dev] SAML token and holder of key.
That's right.

Giuseppe Sarno wrote:

>Hi,
>Does this mean that for my Web service provider the Subject confirmation
>is not enough,
>and I also need an issuer Certificate or key?
>
>Thanks.
>Giuseppe.
>
>-----Original Message-----
>From: Vishal Mahajan [mailto:vmahajan@amberpoint.com]
>Sent: 08 December 2005 11:34
>To: Sarno, Giuseppe [MOP:GM15:EXCH]
>Cc: wss-dev@lists.oasis-open.org
>Subject: Re: [wss-dev] SAML token and holder of key.
>
>Typically an HOK assertion would be protected for integrity by its
>issuer, so replacing the public key wouldn't be possible. The issuer of
>an HOK assertion typically signs the assertion in an enveloped-signature
>manner.
>
>Vishal
>
>Giuseppe Sarno wrote:
>
>>If I put a Public Key in the SubjectConfirmation and used my Private
>>Key to create the <ds:Signature> element wouldn't this be open to MITM
>>attack? I mean the attacker could change the PublicKey as well as using
>>his private key to sign the message. To avoid this shouldn't a
>>Certificate (509) in the Subject confirmation be a better option?
>>(without considering out of band agreement). Continuing on this why
>>then does the Spec say on page 28 that the holder of key is not vulnerable
>>to MITM attack?
>>What am I missing?
>>
>>Thanks.
>>Giuseppe.
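The check discussed in this thread, as an added example that is not part of the original messages or of the WSS specification: a receiver that trusts the key found in the SubjectConfirmation accepts a swapped key, while one that first verifies the issuer's signature over the assertion rejects it. Assumptions: a JSON dict stands in for the SAML assertion, unpadded textbook RSA over small constructed primes stands in for XML-DSig, and every function and key name is hypothetical.

```python
import hashlib
import json

E = 65537  # public exponent shared by all toy keys

def keypair(p, q):
    """Textbook RSA from two primes, returns (n, d). Toy stand-in, no padding."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(digest(data, n), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

def canon(obj):
    return json.dumps(obj, sort_keys=True).encode()

# Constructed keys built from Mersenne primes (far too small for real use).
ISSUER = keypair(2**127 - 1, 2**89 - 1)
HOLDER = keypair(2**107 - 1, 2**61 - 1)
ATTACKER = keypair(2**89 - 1, 2**61 - 1)

def issue_assertion(subject, holder_n):
    # The issuer's signature covers the body, including the confirmation key.
    body = {"subject": subject, "method": "holder-of-key", "key": holder_n}
    return {"body": body, "issuer_sig": sign(canon(body), *ISSUER)}

def send(assertion, payload, sender):
    return {"assertion": assertion, "payload": payload,
            "msg_sig": sign(payload, *sender)}

def naive_accept(msg):
    # Weak: trusts whatever key sits in the SubjectConfirmation.
    return verify(msg["payload"], msg["msg_sig"], msg["assertion"]["body"]["key"])

def hok_accept(msg, issuer_n):
    a = msg["assertion"]
    if not verify(canon(a["body"]), a["issuer_sig"], issuer_n):
        return False  # confirmation key is not vouched for by the issuer
    return verify(msg["payload"], msg["msg_sig"], a["body"]["key"])

def mitm(msg, payload):
    # Key swap from the thread: the issuer signature cannot be regenerated.
    body = dict(msg["assertion"]["body"], key=ATTACKER[0])
    forged = {"body": body, "issuer_sig": msg["assertion"]["issuer_sig"]}
    return send(forged, payload, ATTACKER)
```

`hok_accept` needs the issuer's public key as an input, which is why the subject confirmation alone is not enough for the provider.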