security-services message

Subject: Re: [security-services] comments re sstc-saml-holder-of-key-browser-sso-draft-07

From: "Tom Scavo" <trscavo@gmail.com>
To: "Scott Cantor" <cantor.2@osu.edu>
Date: Tue, 4 Nov 2008 11:29:59 -0500

On Tue, Nov 4, 2008 at 11:09 AM, Scott Cantor <cantor.2@osu.edu> wrote:
>
>> There is no guidance in the metadata spec regarding the
>> WantAssertionsSigned attribute, for example.  This is perhaps as it
>> should be.  Does this belong in the Metadata Interoperability Profile?
>>  If not, I don't see any alternative but to profile it here.
>
> If you say you want them signed, you're simply warning the IdP that not
> signing it is likely to produce a failure later.

Well, the other alternative is to return an error, right?

> I don't understand what's so vague about that.

If there were a WantAssertionsSigned attribute in AuthnRequest, would
you be inclined to interpret it differently?

Tom

Follow-Ups:
- RE: [security-services] comments re sstc-saml-holder-of-key-browser-sso-draft-07
  - From: "Scott Cantor" <cantor.2@osu.edu>

References:
- Re: [security-services] comments re sstc-saml-holder-of-key-browser-sso-draft-07
  - From: Nate Klingenstein <ndk@internet2.edu>
- Re: [security-services] comments re sstc-saml-holder-of-key-browser-sso-draft-07
  - From: "Tom Scavo" <trscavo@gmail.com>