OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Authentication Response IssuerName vs. Assertion IssuerName

> Yes, then there's an errata. Line 541 in profiles. Basically 
> says issuer (for an AuthnRequest Response) MAY be omitted. I 
> believe this is the only spot in profiles.
> Jahan, can you add an errata item to change line 541 to 
> "the <Issuer> element MUST be present and MUST contain the 
> unique identifieir of the" 
> The main reason is that Issuer should should be a MUST in the 
> SSO Response protocol. 

Ah, ok. So I think the point there was to allow people to assume Issuer
based on the Assertion, thus your point about encryption...

A compromise might be to just say, if you encrypt the assertion, it's
required, otherwise it MAY be omitted.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]