OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [saml-dev] role of public key in encrypted assertion

On 11/3/12 9:36 PM, "Peter Schober" <peter.schober@univie.ac.at> wrote:

>This message (that's all of it) seems to imply that the incriminated key
>should be the IdP's public key.


>From glancing over XMLenc (section 3.5.1) and section 3.2.2 of the old
>"SAML Implementation Guidelines" (returned by $searchengine) I
>conclude that the SP's public key is included in order to inform the
>SP which of its keys had been used to encrypt the payload (encryption


>Furthermore my guess is that the SP's tech-c (writing the above to me)
>is mistaken and thinks of (unencrypted) XMLsig, where it would make
>sense to include the issuer's public key in order to aid the SP in
>verifying the issuer's signature.

They'd both be there most likely but in different places in the message.
If the response weren't signed, then the IdP's key won't appear anywhere
until the encrypted assertion were decrypted. If it was, then both would
be visible prior to decryption.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]