[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] Re: [Shib-Users] shib2 sp + unsigned slo messages
> Yup, I know the profile doc says so. But I don't understand what > threat you are protecting against when ensuring integrity of the > LogoutRequest? I would imagine it's to prevent somebody from invalidating somebody else's session. It probably was more of a response requirement and just got put in for symmetry. Responses certainly have to be signed or the protocol is useless. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]