[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Groups - draft-sstc-saml-binding-simplesign-02-diff.pdf uploaded
Guess I used the wrong comment box. Anyway... Other than correcting some section numbering glitches, the change here is to correct for the fact that using line-wrapped form data isn't round-trip safe in many browsers. Historically, right or wrong, we haven't required our base64 POST data to be single-line, so I was hesitant to use that approach. As a result, signing the data once it's in base64 isn't reliable to verify, so the signature rule was changed to concatenate the raw XML before it's base64'd when creating the signature. The other inputs are single line, so they're safe. I believe some review is needed to ensure we're not overlooking any XML character encoding issues, but since the XML is just being treated as octets for the signature input, I think it's safe. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]