security-services message
Subject: Authentication Response IssuerName vs. Assertion IssuerName
- From: Thomas Wisniewski <Thomas.Wisniewski@entrust.com>
- To: security-services@lists.oasis-open.org
- Date: Thu, 9 Jun 2005 09:51:11 -0400

Hi, I noticed that the IssuerName is not a MUST for a Response.

However, for an unsolicited Response, this makes handling EncryptedAssertion elements whose decryption certs are exchanged via metadata (and not in the Response) more difficult or impossible. I.e., if KeyName/X509SerialNumber is not part of the EncryptedAssertion, how would you know which decryption key to use?

Am I missing something here? Should IssuerName be required in the Response to avoid these types of issues?

Tom.
Thomas Wisniewski
Software Architect
Phone: (201) 891-0524
Cell: (201) 248-3668
Entrust®
Securing Digital Identities & Information
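
The key-selection problem raised in this message, as an added example that is not part of the original post: a recipient that keeps a separate decryption key per identity provider tries the hints inside the EncryptedAssertion first, then the Issuer on the Response, and is left with trial decryption when both are absent. It assumes "IssuerName" corresponds to the SAML 2.0 `<saml:Issuer>` element; the key tables, key ids, entity IDs and the trimmed sample Response are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # production code should use a hardened XML parser

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Constructed lookup tables: hint value -> id of the recipient's private key.
BY_NAME = {"sp-enc-2005": "sp-key-for-idp-a"}
BY_SERIAL = {"12345678": "sp-key-for-idp-b"}
BY_ISSUER = {"https://idp-a.example": "sp-key-for-idp-a",
             "https://idp-b.example": "sp-key-for-idp-b"}

def sample_response(issuer=None, key_info=""):
    """Constructed unsolicited Response (no InResponseTo), trimmed, ciphertext elided."""
    xmlns = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    issuer_el = f"<saml:Issuer>{issuer}</saml:Issuer>" if issuer else ""
    return (f'<samlp:Response {xmlns} ID="_r1" Version="2.0">{issuer_el}'
            f"<saml:EncryptedAssertion><xenc:EncryptedData><ds:KeyInfo>"
            f"<xenc:EncryptedKey><ds:KeyInfo>{key_info}</ds:KeyInfo></xenc:EncryptedKey>"
            f"</ds:KeyInfo></xenc:EncryptedData></saml:EncryptedAssertion></samlp:Response>")

def select_decryption_key(response_xml, by_key_name, by_serial, by_issuer):
    """Return (how, key_ids): which hint picked the key, or every candidate if none did."""
    root = ET.fromstring(response_xml)
    enc = root.find("saml:EncryptedAssertion", NS)
    if enc is None:
        return ("not_encrypted", [])
    # 1. Hints carried inside the EncryptedAssertion itself.
    name = enc.findtext(".//ds:KeyName", default="", namespaces=NS).strip()
    if name in by_key_name:
        return ("key_name", [by_key_name[name]])
    serial = enc.findtext(".//ds:X509SerialNumber", default="", namespaces=NS).strip()
    if serial in by_serial:
        return ("x509_serial", [by_serial[serial]])
    # 2. Issuer on the Response (direct child only; the assertion's own Issuer is encrypted).
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer in by_issuer:
        return ("response_issuer", [by_issuer[issuer]])
    # 3. No usable hint: only trial decryption over every configured key remains.
    candidates = set(by_key_name.values()) | set(by_serial.values()) | set(by_issuer.values())
    return ("trial_decryption", sorted(candidates))

if __name__ == "__main__":
    for xml in (sample_response(issuer="https://idp-b.example"), sample_response()):
        print(select_decryption_key(xml, BY_NAME, BY_SERIAL, BY_ISSUER))
```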