saml-dev message
Subject: [saml-dev] Potential erratum PE15 from: draft-sstc-cs-errata-01.doc


The issue is:

> 3.15 PE15: Unify signature inheritance subsections
> First reported by: Bob Morgan
> Message:
> http://lists.oasis-open.org/archives/security-services/200205/msg00025.html
> Description: There is a lot of repetition in
> cs-sstc-core-00 Sections 5.3.1 and 5.3.2. They should be
> unified under Section 5.3. Here is a proposal for wording:

> SAML assertions may be embedded within request or response
> messages or other XML messages, which may be signed. SAML
> requests and responses may themselves be contained within
> other messages that are based on other XML messaging
> frameworks (for example, SOAP) and the composite object
> may be the subject of a signature. Another possibility is
> that SAML assertions or request/response messages are
> embedded within a non-XML messaging object (e.g., MIME
> package) and signed.

> In such a case, the SAML portion of a signed message may be
> viewed as inheriting a signature from the closest
> "super-signature" over the enclosing object, provided that
> the super-signature applies to all the elements within the
> SAML portion.



There is one subtle point, buried in line 1406 of cs-sstc-core-00.pdf: The
signature is ONLY inherited from a surrounding SAML element (such as an
assertion buried within a signed samlp:Response). This was discussed either
at F2F5 or on the list shortly thereafter, if I remember correctly; the
outcome was that this restriction was intentional and was the will of the
TC.


 - irving - 
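The scoping rule in the proposed PE15 wording, together with the restriction Irving points to (a signature is inherited only from an enclosing SAML element, never from, say, a signed SOAP envelope alone), can be written down as a small check. The following is an added example, not code from the erratum, the TC or the poster. It assumes SAML 1.0 namespaces and identifier attributes (AssertionID, ResponseID, RequestID), that a ds:Reference with URI="#id" or URI="" covers every descendant of the referenced element, and that cryptographic verification of each XML Signature has already been done separately; the sample messages are constructed and carry placeholder signature values.

```python
import xml.etree.ElementTree as ET

# Namespaces for SAML 1.0 (the cs-sstc-core-00 draft under discussion),
# SOAP 1.1 and XML Signature.  These are the real URIs; nothing else in this
# example comes from the erratum text itself.
SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
SAMLP_NS = "urn:oasis:names:tc:SAML:1.0:protocol"
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# SAML 1.x identifier attributes that a same-document ds:Reference URI="#..."
# can point at (assumption: no other ID-typed attributes are in play).
ID_ATTRS = ("AssertionID", "ResponseID", "RequestID")


def _is_saml(el):
    """The line-1406 restriction: only a SAML element can pass a signature down."""
    return el.tag.startswith("{%s}" % SAML_NS) or el.tag.startswith("{%s}" % SAMLP_NS)


def _own_signature_covers(el):
    """True if el carries an enveloped ds:Signature whose Reference targets
    el itself (URI="#<id>") or the whole document (URI="").  Assumption: such
    a reference covers every descendant of el, i.e. the signature 'applies to
    all the elements within the SAML portion'.  Cryptographic verification of
    the signature is out of scope here and must be done first in practice."""
    sig = el.find("{%s}Signature" % DS_NS)
    if sig is None:
        return False
    own_id = next((el.get(a) for a in ID_ATTRS if a in el.attrib), None)
    for ref in sig.iter("{%s}Reference" % DS_NS):
        uri = ref.get("URI", "")
        if uri == "" or (own_id is not None and uri == "#" + own_id):
            return True
    return False


def signature_status(doc_xml, assertion_id):
    """Classify how the assertion with the given AssertionID is signed:
    'direct'        - the assertion carries its own covering signature
    'inherited'     - the closest covering super-signature is on a SAML element
    'not-inherited' - the closest covering super-signature is on a non-SAML
                      element (e.g. a SOAP envelope), so it does not count
    'unsigned'      - no enclosing signature covers the assertion at all
    """
    root = ET.fromstring(doc_xml)
    # ElementTree has no parent pointers, so build a child -> parent map once.
    parent = {child: p for p in root.iter() for child in p}
    assertion = next((a for a in root.iter("{%s}Assertion" % SAML_NS)
                      if a.get("AssertionID") == assertion_id), None)
    if assertion is None:
        raise ValueError("no assertion with AssertionID=%r" % assertion_id)
    node = assertion
    while node is not None:  # walk outward; the closest covering signature wins
        if _own_signature_covers(node):
            if node is assertion:
                return "direct"
            return "inherited" if _is_saml(node) else "not-inherited"
        node = parent.get(node)
    return "unsigned"


# --- constructed sample messages (not from the erratum; signature values are
# placeholders, so only the scoping rule is exercised) -----------------------
def _sig(uri):
    return ('<ds:Signature xmlns:ds="%s"><ds:SignedInfo><ds:Reference URI="%s"/>'
            '</ds:SignedInfo><ds:SignatureValue>placeholder</ds:SignatureValue>'
            '</ds:Signature>' % (DS_NS, uri))


def _assertion(inner=""):
    return ('<saml:Assertion xmlns:saml="%s" AssertionID="a1">%s</saml:Assertion>'
            % (SAML_NS, inner))


def _response(inner, rid="r1"):
    return ('<samlp:Response xmlns:samlp="%s" ResponseID="%s">%s</samlp:Response>'
            % (SAMLP_NS, rid, inner))


def _envelope(inner):
    return '<soap:Envelope xmlns:soap="%s">%s</soap:Envelope>' % (SOAP_NS, inner)


SAMPLES = {
    "direct": _response(_assertion(_sig("#a1"))),
    "inherited": _response(_sig("#r1") + _assertion()),
    "not-inherited": _envelope(_sig("") + _response(_assertion())),
    "unsigned": _response(_assertion()),
    # both the envelope and the Response are signed: the closest super-signature
    # is the SAML one, so the assertion still inherits
    "closest-wins": _envelope(_sig("") + _response(_sig("#r1") + _assertion())),
}

if __name__ == "__main__":
    for name, xml in SAMPLES.items():
        print("%-14s -> %s" % (name, signature_status(xml, "a1")))
```

The "not-inherited" sample is the case the restriction is about: the SOAP envelope signature does cover the assertion bytes, but because the covering element is not a SAML element the assertion is treated as unsigned for SAML purposes, which is what a relying party should assume before accepting it.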


