OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [saml-dev] Referencing Saml Assertion from it's enveloped signature (Wss Saml Token Profile vs Saml 1.1 Core spec)

> This is about assertion enveloped signatures in Saml assertions in 
> SOAP wsse:Security header.
> The (Wss Saml Token Profile) specifies the <wsse:SecurityTokenReference>
> as a way of referencing the the SAML assertion, while the SAML 1.1 core 
> spec menitions direct URI reference such as
> <ds:Reference URI="#SamlAssertion-3e42fde8b68fbbe411e01ca9d0fdd47e"> 
> Should both flavors be supported when validationg the soap assertion
> signature?

Well, they have to be. One is about signing SAML assertions and the other is
about referencing SAML assertions in STRs.

The SAML 1.1 spec uses XML ID attributes in the manner proscribed by XML and
XML Signature. The WSS profile (due to the language in WSS itself) wasn't
allowed to do so.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]