OASIS Mailing List Archives

security-services message



Subject: Re: Note on Digital Signing in SAML


Agreed. Often, both signatures are required to establish
the authenticity of the assertion.

Kelvin Beeck wrote:
<snip/>
> 
> It seems to me that assertions would often need to be signed independent of
> a composite signature (as part of the protocol binding) because issued
> assertions usually become the input for other queries (e.g. an authentication
> assertion as input to a PDP authorization query) or may be bound to a
> payload.
> 
> The requirement is based on the trust relationship - i.e. do I trust an
> assertion because I trust the bearer, or do I need to verify that the
> assertion came from the stated issuer (I would think so).

Christopher Ferris
Sr. Staff Engineer, XTC Advanced Development
Sun Microsystems, Inc
chris.ferris@east.sun.com
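
The distinction discussed in this thread, as an added example that is not part of the original messages: an assertion carries its issuer's signature, and the protocol message carries a separate composite signature from the sender. All names and keys are hypothetical and constructed, and HMAC stands in for XML Signature so the sketch runs on the Python standard library alone.

```python
import hashlib
import hmac
import json

# Constructed demo keys. HMAC is a stand-in for XML Signature so this runs
# on the standard library alone; real SAML uses public-key signatures.
ISSUER_KEY = b"constructed-issuer-key"   # held by the asserting party
BEARER_KEY = b"constructed-bearer-key"   # held by whoever sends the message


def _sign(key, obj):
    # Canonical JSON so signer and verifier hash identical bytes.
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def issue_assertion(subject, statement):
    body = {"issuer": "idp.example", "subject": subject, "statement": statement}
    return {"body": body, "sig": _sign(ISSUER_KEY, body)}


def wrap_message(assertion, payload):
    # Protocol-binding layer: one composite signature over assertion + payload.
    msg = {"assertion": assertion, "payload": payload}
    return {"msg": msg, "sig": _sign(BEARER_KEY, msg)}


def verify_composite(envelope):
    return hmac.compare_digest(envelope["sig"], _sign(BEARER_KEY, envelope["msg"]))


def verify_assertion(assertion):
    expected = _sign(ISSUER_KEY, assertion["body"])
    return hmac.compare_digest(assertion.get("sig", ""), expected)


def pdp_query(assertion):
    # The PDP sees only the assertion, detached from its original envelope,
    # so the issuer's own signature is the only evidence of origin left.
    if not verify_assertion(assertion):
        return "Indeterminate"
    return "Permit" if assertion["body"]["statement"] == "authenticated" else "Deny"


def demo():
    good = wrap_message(issue_assertion("alice", "authenticated"), "order-1")
    unsigned = {"body": {"issuer": "idp.example", "subject": "bob",
                         "statement": "authenticated"}, "sig": ""}
    bad = wrap_message(unsigned, "order-2")  # bearer vouches, issuer did not
    return [(verify_composite(e), pdp_query(e["msg"]["assertion"]))
            for e in (good, bad)]
```

Both envelopes pass the composite check, but only the assertion signed by the issuer survives being forwarded on its own to the PDP.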

