[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: Note on Digital Signing in SAML
Agreed. Often, both signatures are required to establish the authenticity of the assertion. Kelvin Beeck wrote: <snip/> > > It seems to me that assertions would often need to be signed independent of > a composite signature (as part of the protocol binding) because issued > assertions usually become the input for other queries (eg. an authentication > assertion as input to an PDP authorization query) or may be bound to a > payload. > > The requirement is based on the trust relationship - i.e. do I trust an > assertion because I trust the bearer, or do I need to verify that the > assertion came from the stated issuer (I would think so).
begin:vcard n:Ferris;Christopher tel;cell:508-667-0402 tel;work:781-442-3063 x-mozilla-html:FALSE org:Sun Microsystems, Inc;XTC Advanced Development adr:;;;;;; version:2.1 email;internet:chris.ferris@east.sun.com title:Sr. Staff Engineer fn:Christopher Ferris end:vcard
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC