OASIS Mailing List Archives

security-services message


Subject: [security-services] RE: [wss] Canonicalization

There are a number of clarifications relevant here. There is also a
misunderstanding here regarding the relationship between the SAML
core specification and the WSS SAML Token binding. 

The WSS SAML Token binding defers completely to the WSS core draft
regarding canonicalization (lines 222-224, 345-347). It makes no
reference to the recommendations for digital signing found in the SAML
core specification. So fundamentally, there is no WSS issue here.

It is correct to say that the SAML 1.0 core document references the
non-exclusive Canonicalization spec (URL
http://www.w3.org/TR/2001/REC-xml-c14n-20010315). This is mainly because
exclusive canonicalization was not available at the time SAML 1.0 was
finalized.

As part of the ongoing SAML 1.1 discussion, this issue is being revisited
and discussed on the SAML list. Scott Cantor has published a working
draft that clarifies some of the relevant issues. You can find the draft



