[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] Signing protocols and assertions
> > Well, when you sign, you have to ensure that any > non-visibly-used namespaces are included or the message is > vulnerable to namespace substitution attacks. Scott, do you mean non-visible used or non-visibly defined (e.g. the case when I use a namespace prefix, but the namespace is defined outside of the assertion)? I would assum non-visibly used doesn't matter as it doesn't show up in the assertion at all. Conor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]