
security-services message



Subject: RE: [security-services] Groups - draft-sstc-saml-binding-simplesign-02-diff.pdf uploaded


Guess I used the wrong comment box. Anyway...

Other than correcting some section numbering glitches, the change here is to
correct for the fact that using line-wrapped form data isn't round-trip safe
in many browsers.

Historically, right or wrong, we haven't required our base64 POST data to be
single-line, so I was hesitant to use that approach. As a result, signing
the data once it's in base64 isn't reliable to verify, so the signature rule
was changed to concatenate the raw XML before it's base64'd when creating
the signature. The other inputs are single line, so they're safe.

I believe some review is needed to ensure we're not overlooking any XML
character encoding issues, but since the XML is just being treated as octets
for the signature input, I think it's safe.

-- Scott
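
The reliability problem described in the message above, shown as an added example that is not part of the original message or of the binding draft: a signature computed over line-wrapped base64 text stops verifying once the line breaks change in transit, while a signature computed over the decoded XML octets still verifies. Assumptions: HMAC-SHA256 stands in for the binding's real signature algorithm, the `name=value&...` layout of the signature input and all names and sample values are constructed for illustration, and the browser change is simulated as LF-to-CRLF normalization.

```python
import base64
import hashlib
import hmac

KEY = b"constructed-demo-key"               # constructed; HMAC stands in for the real SigAlg
RELAY_STATE = "constructed-relay-state"     # single-line input, constructed
SIG_ALG = "urn:example:constructed-sigalg"  # placeholder, not a real algorithm URI
XML = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
       'ID="_constructed" Version="2.0"><!-- constructed sample --></samlp:Response>').encode("utf-8")

def wrapped_base64(data: bytes, width: int = 76) -> str:
    """Base64 with LF line wrapping, as a sender might place it in a form field."""
    b64 = base64.b64encode(data).decode("ascii")
    return "\n".join(b64[i:i + width] for i in range(0, len(b64), width))

def browser_round_trip(field: str) -> str:
    """Simulate one browser behaviour: line breaks in form data become CRLF."""
    return field.replace("\r\n", "\n").replace("\n", "\r\n")

def signing_input(message: bytes) -> bytes:
    """Concatenate the message octets with the single-line inputs (assumed layout)."""
    return (b"SAMLResponse=" + message + b"&RelayState=" + RELAY_STATE.encode()
            + b"&SigAlg=" + SIG_ALG.encode())

def sign(data: bytes) -> bytes:
    """Keyed digest over the signature input (stand-in for the real signature)."""
    return hmac.new(KEY, data, hashlib.sha256).digest()

def verify_over_base64(received_field: str, sig: bytes) -> bool:
    """Old rule: the signature input uses the base64 text exactly as received."""
    return hmac.compare_digest(sign(signing_input(received_field.encode("ascii"))), sig)

def verify_over_raw_xml(received_field: str, sig: bytes) -> bool:
    """New rule: decode first (line breaks are discarded), then sign the XML octets."""
    xml = base64.b64decode(received_field)
    return hmac.compare_digest(sign(signing_input(xml)), sig)

sent_field = wrapped_base64(XML)
sig_old = sign(signing_input(sent_field.encode("ascii")))  # signed after base64
sig_new = sign(signing_input(XML))                         # signed before base64
received_field = browser_round_trip(sent_field)

if __name__ == "__main__":
    print("base64 signed, verifies after round trip:", verify_over_base64(received_field, sig_old))
    print("raw XML signed, verifies after round trip:", verify_over_raw_xml(received_field, sig_new))
```
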


