OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] comments re sstc-saml-holder-of-key-browser-sso-draft-07

> Well, the other alternative is to return an error, right?

For the IdP? Sure. That's the point. You just have prior knowledge about
what might happen, so you can save it the trouble. If signing is a
"whatever" sort of operation to the IdP, the logical thing to do is to sign
if the flag is true, and do whatever the default is if it's not. If it's a
major operation that the IdP doesn't normally like to do, then you'd
probably consider returning an error.

> > I don't understand what's so vague about that.
> If there were a WantAssertionsSigned attribute in AuthnRequest, would
> you be inclined to interpret it differently?

If it was written as a MUST (in which case that would be a bad name to use),
I'd follow it, otherwise I'd do whatever I'm doing now.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]