I'm not an expert on SAML. But in such a case, you probably need to authenticate the assertion yourself.
Please correct me if I'm wrong.
----- Original Message ----
From: 张慧 <zhanghui_csu@126.com>
To: Scott Cantor <cantor.2@osu.edu>
Cc: saml-dev <saml-dev@lists.oasis-open.org>
Sent: Wednesday, May 21, 2008 10:08:30 AM
Subject: Re: RE: [saml-dev] how service provider authenticate assertion
Hello Scott Cantor,
Thanks for your answer. I mean how to adjust the validity of a SAML assertion.
From the SAML standard, I only find that saml:condition needs to be authenticated. How about the SAML authentication assertion statement, how to authenticate it? Define the authentication rule by myself, and parse the XML text to make a decision? The same for the subject statement.
I don't know how to deal with the authentication statement and saml:subject in the SP. Does it relate to business requirement rules, not defined in the SAML standard?
Best regards!
Thank you very much!
hui zhang
======= 2008-05-20 23:04:59 You wrote: =======
>> Identifier provider creates an assertion, then this assertion is
>> transferred to the service provider.
>> How does the service provider authenticate whether this assertion is in
>> effect? Thanks!
>
>It's not in scope of the standard how you authenticate digital signatures or
>certificates. Most people use some combination of SAML metadata, PKI
>techniques, and various adaptations that make sense in their environment.
>
>--
>Scott
= = = = = = = = = = = = = = = = = = = =
Regards!
张慧
zhanghui_csu@126.com 2008-05-21