OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [security-services] comments on sstc-saml-profiles-2.0-draft-12


> In the Web Browser profiles we have (at some point) the subject
> authenticating to the Identity Provider - so that a security context is
> established.  Yet in ECP that step is not described.

I didn't lay out the sequence originally, so it's not surprising they don't
match my steps.

> What is the trust relationship so that the IdP sends the "correct"
> <Response> to the SP. Does this rely on the <AuthnRequest> being signed.
> If so - why is this not a MUST?

The authn request isn't the issue, the principal always has to authenticate
to the IdP at some point, or it wouldn't have any idea what to do.

-- Scott



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]