OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: S2ML 0.7a questions

I have just gone thrue the S2ML 0.7a draft.

Unfortunately I have severe problems understanding how it works when
applied to the very interesting User-Driven Scenario described on page #3
and I wonder if anyone can help me?

1. After the user have clicked on the SiteB link a number of things happen which
is only very briefly described.

In Particular: "The security token that travels with the user as a HTTP-header" 
How do browser clients transport server-initiated HTTP-header data to SiteB after what I
assume must be a HTTP 301 - redirect?

2. Regarding HTTP-binding (page25) I have difficulties understanding what is going on.
"The receiver will decrypt and verify the S2ML header payload".
Does this imply that the receiver has a shared key with the sender?
How can it verify? Against what?

Best Regards
Anders Rundgren
+46 70-6277437

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC