Subject: Re: [saml-dev] Why no issuer in SAML Artifact Document?
----- Original Message -----
From: "Scott Cantor" <cantor.2@osu.edu>
To: "'Kunal Gandhi'" <kunal@amsoft.net>; <saml-dev@lists.oasis-open.org>
Sent: Friday, October 21, 2005 8:21 PM
Subject: RE: [saml-dev] Why no issuer in SAML Artifact Document?

>> Could anyone tell the reason(s) as to why there is no
>> <Issuer> element in SAML Artifact Document?
>
> A SAML artifact is not a document. It's a string, generally fixed length,
> that is encoded with the information required to locate the peer who sent a
> corresponding message.

####### Kunal wrote: ##########
If the artifact here means an *old* substance/document or a referrer to it, it should just contain the message handle (and send the ProviderID as it is).

One reason I could think of for not having the ProviderID and instead having an SHA1 value of it is to prevent a malicious requestor from obtaining the document referred to by the artifact. But this could be easily prevented by requiring secure communication and signing the artifact resolve request.

I am no security expert or even close to it and am pretty sure the TC (which, by the way, produced wonderful specifications) didn't overlook such simplistic matters, so expect no proposal from me :).

Thanks.
############################

> If the artifact structure doesn't provide you the information you need, then
> you have a different use case and probably shouldn't use artifacts.
>
> You could also define your own artifact format, but nobody else is likely to
> support it. If you think the format is necessary to the standard, then you
> should probably consider joining the TC and submitting it as a proposal.
>
> -- Scott
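
Added example, not part of the original thread: a sketch of how a receiver can recover the sender from the fixed-length artifact string discussed above, by comparing the embedded SHA-1 value against the identifiers of the providers it already trusts. It assumes the SAML 2.0 type 0x0004 layout (TypeCode, EndpointIndex, 20-byte SourceID, 20-byte MessageHandle), which the thread does not name; the issuer URLs, handle bytes and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample identifiers of trusted providers (not from the thread).
KNOWN_ISSUERS = ["https://idp.example.org/saml", "https://sp.example.com/saml"]
TYPE_0004 = 0x0004
ARTIFACT_LEN = 2 + 2 + 20 + 20  # TypeCode + EndpointIndex + SourceID + MessageHandle


def build_artifact(issuer, endpoint_index, handle):
    """Encode an artifact; SourceID is the SHA-1 of the issuer identifier."""
    if len(handle) != 20:
        raise ValueError("MessageHandle must be 20 bytes")
    source_id = hashlib.sha1(issuer.encode("utf-8")).digest()
    raw = struct.pack(">HH", TYPE_0004, endpoint_index) + source_id + handle
    return base64.b64encode(raw).decode("ascii")


def parse_artifact(artifact_b64):
    """Split an artifact into (endpoint_index, source_id, handle), rejecting bad input."""
    raw = base64.b64decode(artifact_b64, validate=True)
    if len(raw) != ARTIFACT_LEN:
        raise ValueError("unexpected artifact length: %d" % len(raw))
    type_code, endpoint_index = struct.unpack(">HH", raw[:4])
    if type_code != TYPE_0004:
        raise ValueError("unsupported artifact type: 0x%04x" % type_code)
    return endpoint_index, raw[4:24], raw[24:44]


def resolve_issuer(artifact_b64, known_issuers):
    """Map the SourceID back to a trusted issuer; unknown senders are refused."""
    endpoint_index, source_id, handle = parse_artifact(artifact_b64)
    for issuer in known_issuers:
        digest = hashlib.sha1(issuer.encode("utf-8")).digest()
        if hmac.compare_digest(digest, source_id):
            return issuer, endpoint_index, handle
    raise LookupError("SourceID does not match any trusted issuer")


if __name__ == "__main__":
    sample_handle = bytes(range(20))  # constructed handle; real ones are random
    art = build_artifact(KNOWN_ISSUERS[0], 1, sample_handle)
    print(art)
    print(resolve_issuer(art, KNOWN_ISSUERS))
```
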