Subject: [saml-dev] Potential erratum PE15 from: draft-sstc-cs-errata-01.doc
The issue is:

> 3.15 PE15: Unify signature inheritance subsections
> First reported by: Bob Morgan
> Message: http://lists.oasis-open.org/archives/security-services/200205/msg00025.html
> Description: There is a lot of repetition in
> cs-sstc-core-00 Sections 5.3.1 and 5.3.2. They should be
> unified under Section 5.3. Here is a proposal for wording:
> SAML assertions may be embedded within request or response
> messages or other XML messages, which may be signed. SAML
> requests and responses may themselves be contained within
> other messages that are based on other XML messaging
> frameworks (for example, SOAP) and the composite object
> may be the subject of a signature. Another possibility is
> that SAML assertions or request/response messages are
> embedded within a non-XML messaging object (e.g., MIME
> package) and signed.
> In such a case, the SAML portion of a signed message may be
> viewed as inheriting a signature from the closest
> "super-signature" over the enclosing object, provided that
> the super-signature applies to all the elements within the
> SAML portion.

There is one subtle point, buried in line 1406 of cs-sstc-core-00.pdf: the signature is ONLY inherited from a surrounding SAML element (such as an assertion buried within a signed samlp:Response). This was discussed either at F2F5 or on the list shortly thereafter, if I remember correctly; the outcome was that this restriction was intentional and was the will of the TC.

 - irving -
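To make the distinction Irving draws concrete, here is an added example in Python. It is not code from this post, from the erratum, or from the SAML specification; it shows what a relying party's pre-check for "which signature covers this assertion?" looks like once inheritance is restricted to an enclosing SAML element. It assumes the SAML 1.0 namespaces and the AssertionID/ResponseID/RequestID identifier attributes of that version, plus a plain `ID` attribute on a SOAP Body (an assumption; WS-Security stacks typically use wsu:Id). The XML samples are constructed and pared down to the elements the check inspects. It is a structural check only: it decides which ds:Signature, if any, a verifier should be validating for the assertion, and does not perform XML-DSig canonicalisation, digest or key verification.

```python
"""
Added example (not from the mailing-list post or the SAML spec): classify an
saml:Assertion by the signature it may rely on, under the restriction that a
signature is only inherited from an enclosing SAML element (e.g. a signed
samlp:Response), never from a non-SAML wrapper such as a SOAP Envelope/Body.
Structural check only; no cryptographic verification is done here.
"""
import xml.etree.ElementTree as ET

# SAML 1.0 namespaces (the version cs-sstc-core-00 describes), SOAP 1.1, XML-DSig.
SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
SAMLP_NS = "urn:oasis:names:tc:SAML:1.0:protocol"
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# SAML 1.0 identifier attributes, plus a plain "ID" attribute that this example
# ASSUMES for non-SAML wrappers (real SOAP stacks usually carry wsu:Id instead).
ID_ATTRS = ("AssertionID", "ResponseID", "RequestID", "ID")


def _element_id(el):
    for name in ID_ATTRS:
        if name in el.attrib:
            return el.attrib[name]
    return None


def _namespace(el):
    return el.tag[1:].split("}", 1)[0] if el.tag.startswith("{") else ""


def _covered_elements(root, sig):
    """Elements a ds:Signature claims to cover: the document root for an
    enveloped reference (URI=""), otherwise every element whose ID matches a
    same-document reference "#id".  Other URI forms are ignored."""
    covered = []
    for ref in sig.iter(f"{{{DS_NS}}}Reference"):
        uri = ref.get("URI", "")
        if uri == "":
            covered.append(root)
        elif uri.startswith("#"):
            covered.extend(el for el in root.iter() if _element_id(el) == uri[1:])
    return covered


def signature_status(root, assertion):
    """Return (status, tag) for `assertion`:
      ("direct", assertion tag)    a signature covers the assertion itself
      ("inherited", ancestor tag)  closest covered ancestor is a SAML element
      ("not-inherited", ancestor)  closest covered ancestor is non-SAML (SOAP etc.)
      ("unsigned", None)           no signature covers the assertion or an ancestor
    """
    covered_by = set()
    for sig in root.iter(f"{{{DS_NS}}}Signature"):
        covered_by.update(_covered_elements(root, sig))
    if assertion in covered_by:
        return ("direct", assertion.tag)

    parent_of = {child: parent for parent in root.iter() for child in parent}
    node = parent_of.get(assertion)
    while node is not None:
        if node in covered_by:
            # The closest "super-signature" decides, and per the TC's restriction
            # it only counts when the signed enclosing element is itself SAML.
            if _namespace(node) in (SAML_NS, SAMLP_NS):
                return ("inherited", node.tag)
            return ("not-inherited", node.tag)
        node = parent_of.get(node)
    return ("unsigned", None)


def classify(xml_text):
    """Parse a document and classify its first saml:Assertion."""
    root = ET.fromstring(xml_text)
    assertion = root.find(f".//{{{SAML_NS}}}Assertion")
    if assertion is None:
        raise ValueError("no saml:Assertion in document")
    return signature_status(root, assertion)


# Constructed samples: only the parts this check inspects, no real digests/keys.
_NS_DECL = (
    'xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"'
)
_SIG = '<ds:Signature><ds:SignedInfo><ds:Reference URI="#%s"/></ds:SignedInfo></ds:Signature>'

SIGNED_RESPONSE = f'<samlp:Response {_NS_DECL} ResponseID="r1">{_SIG % "r1"}<saml:Assertion AssertionID="a1"/></samlp:Response>'
SIGNED_ASSERTION = f'<samlp:Response {_NS_DECL} ResponseID="r2"><saml:Assertion AssertionID="a2">{_SIG % "a2"}</saml:Assertion></samlp:Response>'
SOAP_SIGNED = (
    f'<soap:Envelope xmlns:soap="{SOAP_NS}" {_NS_DECL}>'
    f'<soap:Header>{_SIG % "body"}</soap:Header>'
    '<soap:Body ID="body"><samlp:Response ResponseID="r3"><saml:Assertion AssertionID="a3"/></samlp:Response></soap:Body>'
    '</soap:Envelope>'
)
UNSIGNED = f'<samlp:Response {_NS_DECL} ResponseID="r4"><saml:Assertion AssertionID="a4"/></samlp:Response>'

if __name__ == "__main__":
    for name in ("SIGNED_RESPONSE", "SIGNED_ASSERTION", "SOAP_SIGNED", "UNSIGNED"):
        print(name, classify(globals()[name]))
```

The SOAP sample is the case the restriction exists for: a signature in the SOAP header covers the Body, and under the proposed wording alone that would be the "closest super-signature" over the assertion, but because the signed element is soap:Body rather than a SAML element the assertion comes back as "not-inherited" and must be treated as unsigned SAML. Whatever this check returns, the Reference it points at still has to be cryptographically verified, including the enveloped-signature transform, before the assertion is trusted.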