OASIS Mailing List Archives

saml-dev message



Subject: RE: [saml-dev] Referencing Saml Assertion from it's enveloped signature (Wss Saml Token Profile vs Saml 1.1 Core spec)


> This is about assertion enveloped signatures in Saml assertions in 
> SOAP wsse:Security header.
> 
> The (Wss Saml Token Profile) specifies the <wsse:SecurityTokenReference>
> as a way of referencing the SAML assertion, while the SAML 1.1 core 
> spec mentions direct URI reference such as
> <ds:Reference URI="#SamlAssertion-3e42fde8b68fbbe411e01ca9d0fdd47e"> 
> 
> Should both flavors be supported when validating the soap assertion
> signature?

Well, they have to be. One is about signing SAML assertions and the other is
about referencing SAML assertions in STRs.

The SAML 1.1 spec uses XML ID attributes in the manner proscribed by XML and
XML Signature. The WSS profile (due to the language in WSS itself) wasn't
allowed to do so.

-- Scott
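
An added example, not part of the original thread or of either specification: a resolver that maps a `ds:Reference` to the SAML 1.1 assertion it covers, for both flavors discussed above, and rejects references that match zero or several elements. The function names, the `STR-1` id, and the reduced sample document are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"

def _unique(matches, what):
    # Zero or several matches means the reference is unresolvable or ambiguous: reject it.
    if len(matches) != 1:
        raise ValueError(f"{what}: expected exactly 1 match, found {len(matches)}")
    return matches[0]

def assertion_by_id(root, assertion_id):
    # SAML 1.1 identifies an assertion by its AssertionID attribute.
    hits = [a for a in root.iter(f"{{{SAML}}}Assertion") if a.get("AssertionID") == assertion_id]
    return _unique(hits, f"AssertionID {assertion_id!r}")

def resolve_reference(root, reference):
    """Return the saml:Assertion a ds:Reference points at, for either flavor."""
    uri = reference.get("URI", "")
    if not uri.startswith("#") or len(uri) == 1:
        raise ValueError("only same-document fragment references are handled")
    frag = uri[1:]
    # WSS flavor: the fragment names a wsse:SecurityTokenReference by wsu:Id and its
    # wsse:KeyIdentifier carries the AssertionID. (Assumption: ValueType and the
    # STR Dereference Transform are checked elsewhere.)
    strs = [s for s in root.iter(f"{{{WSSE}}}SecurityTokenReference")
            if s.get(f"{{{WSU}}}Id") == frag]
    if strs:
        key_id = _unique(strs, f"STR {frag!r}").find(f"{{{WSSE}}}KeyIdentifier")
        if key_id is None or not (key_id.text or "").strip():
            raise ValueError("SecurityTokenReference has no KeyIdentifier value")
        return assertion_by_id(root, key_id.text.strip())
    # SAML 1.1 core flavor: the fragment is the AssertionID itself.
    return assertion_by_id(root, frag)

# Constructed sample: only the elements the resolver reads, not a complete signed message.
SAMPLE = f"""<Security xmlns="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}" xmlns:saml="{SAML}">
  <saml:Assertion AssertionID="SamlAssertion-3e42fde8b68fbbe411e01ca9d0fdd47e"/>
  <SecurityTokenReference wsu:Id="STR-1">
    <KeyIdentifier>SamlAssertion-3e42fde8b68fbbe411e01ca9d0fdd47e</KeyIdentifier>
  </SecurityTokenReference>
  <ds:Reference URI="#SamlAssertion-3e42fde8b68fbbe411e01ca9d0fdd47e"/>
  <ds:Reference URI="#STR-1"/>
</Security>"""
```

Both references in the sample resolve to the same assertion element; a validator should confirm that the element it resolved is the one whose contents it later trusts.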


