[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] X509 Authn Attribute Profile erratum?
I believe the intro is wrong and that
section 4.2.1 is correct. I recommend changing the phrase: “both by signing the <Response>
message and through TLS or SSL server authentication.” To “both by signing the <Assertion>
element in the <Response> message and sending the <Response> using TLS
or SSL server authentication.” Rob Philpott From: Ari Kermaier
[mailto:ari.kermaier@oracle.com] In the overview in Section 4
"Encrypted/Signed Mode" line 194, the profile specifies that the
responding IdP MUST sign the <Response>. In Section 4.2.1 "<Response> Usage" line 250
and in Section 4.2.3 "Use of Digital Signatures" line 280 it
specifies that the <Assertion> MUST be signed. Which is it? Ari Kermaier |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]