
saml-dev message


Subject: XAdES signatures in SAML v2.0?


I have a question in connection with the security (XML-based signature) layer of the SAML v2.0 standard.

In Hungary - as a Member State of the EU - we have to apply XAdES-based XML signatures in order to comply with the e-signature EU directive and other legislation. There is a need to also cover SAML-based messages by this legislation, but I found that I cannot apply the XAdES structure for at least one reason. This blocking requirement is the following (in the SAML v2.0 core documentation):

"Signatures MUST contain a single <ds:Reference> containing a same-document reference to the ID attribute value of the root element of the assertion or protocol message being signed."

The XAdES structure also makes reference to the subset nodes of xades:SignedProperties (there must be at least two ds:Reference elements instead of a single one).

Could you suggest a solution for how to solve the problem and apply XAdES signatures to SAML messages?

Thanks in advance!

Best regards,
Aron Szabo
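
The conflict described in the message, as an added example that is not part of the original post: a structural check of the quoted SAML v2.0 core rule, run over two constructed signature skeletons. The IDs `_a1` and `_sp1` and all function names are assumptions, and no digest or signature value is verified.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# Type URI that XAdES puts on the ds:Reference covering xades:SignedProperties
XADES_TYPE = "http://uri.etsi.org/01903#SignedProperties"


def check_saml_signature_profile(xml_text):
    """Return violations of: 'a single <ds:Reference> containing a
    same-document reference to the ID attribute value of the root element'."""
    root = ET.fromstring(xml_text)
    root_id = root.get("ID")
    sig = root.find(f"{{{DS}}}Signature")
    if sig is None:
        return ["no ds:Signature child on the root element"]
    if root_id is None:
        return ["root element has no ID attribute"]
    refs = sig.findall(f"{{{DS}}}SignedInfo/{{{DS}}}Reference")
    problems = []
    if len(refs) != 1:
        problems.append(f"expected 1 ds:Reference, found {len(refs)}")
    for ref in refs:
        uri = ref.get("URI", "")
        if ref.get("Type") == XADES_TYPE:
            problems.append(f"XAdES SignedProperties reference {uri}")
        elif uri != f"#{root_id}":
            problems.append(f"reference {uri!r} does not target root ID")
    return problems


def sample(extra_refs=""):
    """Constructed skeleton: structure only, no digests or key material."""
    return f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="{DS}" ID="_a1" Version="2.0">
  <ds:Signature><ds:SignedInfo>
    <ds:Reference URI="#_a1"/>{extra_refs}
  </ds:SignedInfo></ds:Signature>
</saml:Assertion>"""


# Signature shaped as the SAML core rule requires: one reference to the root.
PLAIN = sample()
# XAdES-shaped signature: a second reference covering SignedProperties.
XADES = sample(f'<ds:Reference URI="#_sp1" Type="{XADES_TYPE}"/>')

if __name__ == "__main__":
    for name, doc in (("plain", PLAIN), ("xades", XADES)):
        print(name, check_saml_signature_profile(doc) or "conforms")
```

A relying party that enforces the single-reference rule this way would reject the XAdES-shaped skeleton before any cryptographic verification takes place.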
