
security-services message


Subject: Authentication Response IssuerName vs. Assertion IssuerName

Hi, I noticed that the IssuerName is not a MUST for a Response.
However, for an unsolicited Response, this makes handling EncryptedAssertion elements whose decryption certs are exchanged via metadata (and not in the Response) more difficult or impossible. I.e., if KeyName/X509SerialNumber is not part of the EncryptedAssertion, how would you know which decryption key to use?
Am I missing something here? Should IssuerName be required in the Response to avoid these types of issues?

Thomas Wisniewski
Software Architect
Phone: (201) 891-0524
Cell: (201) 248-3668
Securing Digital Identities
& Information
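
Added example, not part of the original message or of any OASIS or vendor code: a sketch of the key-selection order the question implies, for a receiver that holds one decryption key per partner. It assumes the SAML 2.0 `saml:Issuer` element for what the message calls IssuerName; the key-store dictionaries, entity IDs, key labels and the sample Response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Hypothetical key store built from exchanged metadata (labels stand in for private keys).
KEYS_BY_ISSUER = {"https://idp-a.example": "key-a", "https://idp-b.example": "key-b"}
KEYS_BY_HINT = {("KeyName", "sp-enc-b"): "key-b", ("X509SerialNumber", "1001"): "key-a"}

def make_response(issuer=None, key_name=None):
    """Build a constructed, trimmed unsolicited Response (no InResponseTo)."""
    xmlns = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
    iss = "<saml:Issuer>%s</saml:Issuer>" % issuer if issuer else ""
    hint = "<ds:KeyInfo><ds:KeyName>%s</ds:KeyName></ds:KeyInfo>" % key_name if key_name else ""
    cipher = "<xenc:CipherData><xenc:CipherValue>Y29uc3RydWN0ZWQ=</xenc:CipherValue></xenc:CipherData>"
    return (
        '<samlp:Response %s ID="_r1" Version="2.0">%s<saml:EncryptedAssertion>'
        "<xenc:EncryptedData><ds:KeyInfo><xenc:EncryptedKey>%s" + cipher +
        "</xenc:EncryptedKey></ds:KeyInfo>" + cipher +
        "</xenc:EncryptedData></saml:EncryptedAssertion></samlp:Response>"
    ) % (xmlns, iss, hint)

def select_decryption_key(response_xml):
    """Return (how, candidate_keys) for the EncryptedAssertion in a Response."""
    root = ET.fromstring(response_xml)  # use a hardened parser for untrusted input
    enc = root.find("saml:EncryptedAssertion", NS)
    if enc is None:
        return ("no-encrypted-assertion", [])
    # 1. Key hints carried inside the EncryptedAssertion itself.
    for tag in ("KeyName", "X509SerialNumber"):
        for el in enc.iter("{%s}%s" % (NS["ds"], tag)):
            key = KEYS_BY_HINT.get((tag, (el.text or "").strip()))
            if key:
                return ("keyinfo", [key])
    # 2. No usable hint: fall back to the Response-level Issuer, if it was sent.
    issuer = root.find("saml:Issuer", NS)
    if issuer is not None:
        key = KEYS_BY_ISSUER.get((issuer.text or "").strip())
        if key:
            return ("issuer", [key])
    # 3. Nothing names the sender before decryption: every key is a candidate.
    return ("trial", sorted(set(KEYS_BY_ISSUER.values())))

if __name__ == "__main__":
    for kw in ({}, {"issuer": "https://idp-a.example"}, {"key_name": "sp-enc-b"}):
        print(kw, "->", select_decryption_key(make_response(**kw)))
```

The first case, with neither an Issuer nor a key hint, is the one the message describes: the receiver is left with every configured key as a candidate.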

