OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Error in Technical Overview CD-02 Section 4.6

Sigh… There is a significant error in section 4.6 of the tech overview.


Lines 764-766 of CD-02 states:

“When a response message containing an assertion is delivered to a relying party via a user's web

browser (for example using the HTTP POST binding), then to ensure message integrity, it is

mandated that the response message be digitally signed using XML Signature”


This should obviously state that it is the Assertion that MUST be signed (the Response carrying it MAY be signed).


Rob Philpott

RSA, the Security Division of EMC
Senior Technologist | e-Mail: robert.philpott@rsa.com | Office: (781) 515-7115 | Mobile: (617) 510-0893


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]