[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] x509 Authn-based Profile
Well, the profile is written such that it does not rely on SOAP binding mechanisms to authenticate, assure integrity, etc... for the variious protocol message exhanges. Therefore the Request must be signed. However, I was assuming that since the Assertion has to be signed, there would be no need for the Response to be signed (since the Assertion contains everything the Response has). If both need to be signed for some reason, then the signing section should discuss this as well.
Rick?
Tom.
-----Original Message-----
From: Scott Cantor [mailto:cantor.2@osu.edu]
Sent: Friday, May 20, 2005 10:41 AM
To: 'Thomas Wisniewski'; security-services@lists.oasis-open.org
Subject: RE: [security-services] x509 Authn-based Profile
> Rick, one more typo in the doc
>
> on line 150 s/<Assertion> in the <Response>/<Response>/
>
> i.e., the intent is that we are signing the assertion the way
> back and not the response that contains the assertion
> (aligning with what is said later in the doc).
I assumed if the Request was signed for some reason, then the Response would be.
-- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]