[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [security-services] Question on section 3.1.3.2 in Bindings 12
293 The SAML requester and responder MUST implement the following authentication methods:
294 1. No client or server authentication.
295 2. HTTP basic client authentication [RFC2617] with and without SSL 3.0 or TLS 1.0.
296 3. HTTP over SSL 3.0 or TLS 1.0 (see Section 550) server authentication with a server-side
297 certificate.
298 4. HTTP over SSL 3.0 or TLS 1.0 client authentication with a client-side certificate.
299 If a SAML responder uses SSL
3.0 or TLS 1.0, it MUST use a server-side certificate.
Is it indeed the intent that any implementation claiming conformance for the SOAP protocol binding has to support all four of these authentication methods (rather than, for example, any one of the four)?
thanks -
bob
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC