OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [saml-dev] Digital Signature Validation

On 6/15/14, 1:01 AM, "Phalguni Mukherjee"
<phalgunimukherjee1007@gmail.com> wrote:

>Can you provide any link,which can help the beginner to understand the
>same.

Somebody else might have a link to something that orients somebody to XML
Signature, but mostly it's reading specs and a lot of code, and if you
have any doubts, you stay far, far away from that layer.

If you want to see the kind of code needed to prevent wrapping attacks,
you can look at [1].

If you want to read about trust management, you can look at [2].

And if you're smart, you'll rethink implementing anything, because there
are already implementations to use.

-- Scott

[1] 
http://svn.shibboleth.net/view/java-opensaml/trunk/opensaml-saml-impl/src/m
ain/java/org/opensaml/saml/security/impl/SAMLSignatureProfileValidator.java

[2] https://wiki.shibboleth.net/confluence/display/SHIB2/TrustManagement

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]