[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] Referencing Saml Assertion from it's enveloped signature (Wss Saml Token Profile vs Saml 1.1 Core spec)
> This is about assertion enveloped signatures in Saml assertions in > SOAP wsse:Security header. > > The (Wss Saml Token Profile) specifies the <wsse:SecurityTokenReference> > as a way of referencing the the SAML assertion, while the SAML 1.1 core > spec menitions direct URI reference such as > <ds:Reference URI="#SamlAssertion-3e42fde8b68fbbe411e01ca9d0fdd47e"> > > Should both flavors be supported when validationg the soap assertion > signature? Well, they have to be. One is about signing SAML assertions and the other is about referencing SAML assertions in STRs. The SAML 1.1 spec uses XML ID attributes in the manner proscribed by XML and XML Signature. The WSS profile (due to the language in WSS itself) wasn't allowed to do so. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]