OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Referencing Saml Assertion from it's enveloped signature (Wss Saml Token Profile vs Saml 1.1 Core spec)

This is about assertion enveloped signatures in Saml assertions in 
SOAP wsse:Security header.

The (Wss Saml Token Profile) specifies the <wsse:SecurityTokenReference>
as a way of referencing the the SAML assertion, while the SAML 1.1 core 
spec menitions direct URI reference such as
<ds:Reference URI="#SamlAssertion-3e42fde8b68fbbe411e01ca9d0fdd47e"> 

Should both flavors be supported when validationg the soap assertion
signature?
How are the current Wss SAML token profile implementations handling
this?

Thanks,
Emil

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]