OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] comments re sstc-saml-holder-of-key-browser-sso-draft-07

On Tue, Nov 4, 2008 at 11:09 AM, Scott Cantor <cantor.2@osu.edu> wrote:
>> There is no guidance in the metadata spec regarding the
>> WantAssertionsSigned attribute, for example.  This is perhaps as it
>> should be.  Does this belong in the Metadata Interoperability Profile?
>>  If not, I don't see any alternative but to profile it here.
> If you say you want them signed, you're simply warning the IdP that not
> signing it is likely to produce a failure later.

Well, the other alternative is to return an error, right?

> I don't understand what's so vague about that.

If there were a WantAssertionsSigned attribute in AuthnRequest, would
you be inclined to interpret it differently?


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]