Subject: RE: [security-services] SOA-TEL Token Correlation Profile: signature problem
> The IDP signs SAML-Y by putting in the assertion, besides the <transform>
> element which excludes the signature itself, another <transform> element to
> exclude the <token-correlated> element.

Signed SAML assertions require a specific signature profile that does not allow for arbitrary transforms. Your assertions would be rejected by any correctly implemented off the shelf implementation unless a new profile was developed, agreed to, and implemented.

Speaking for myself, I have some interest in a revised signature profile, but it would be based on the eventual XML Signature 2.0 work.

> For the transform element management I refer to paragraph: "6.6.3 XPath
> Filtering" of "XML Signature Syntax and Processing" specification

Just FYI, the v1 XPath filter in XML Signature has been deprecated for years in favor of the XPath2 Filter transform.

-- Scott
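A verifier-side check for the restriction described in the reply above, as an added example that is not part of the original message: it inspects a signed assertion's `ds:Reference` and flags any transform outside the set the SAML signature profile permits, such as the extra XPath filter proposed in the quoted text. SAML 2.0 is assumed, and the sample assertion, its ID and the XPath expression are constructed.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Transforms the SAML 2.0 signature profile (SAML Core, section 5.4) permits.
ALLOWED = {
    "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
    "http://www.w3.org/2001/10/xml-exc-c14n#",
    "http://www.w3.org/2001/10/xml-exc-c14n#WithComments",
}

def check_signature_profile(assertion_xml):
    """Return a list of profile violations for the assertion's enveloped signature."""
    root = ET.fromstring(assertion_xml)
    sig = root.find(DS + "Signature")
    if sig is None:
        return ["no enveloped ds:Signature child"]
    problems = []
    refs = sig.findall(f"{DS}SignedInfo/{DS}Reference")
    if len(refs) != 1:
        problems.append(f"expected exactly one Reference, found {len(refs)}")
    for ref in refs:
        # The single Reference must point at the assertion's own ID.
        if ref.get("URI") != "#" + root.get("ID", ""):
            problems.append(f"Reference URI {ref.get('URI')!r} does not match assertion ID")
        for t in ref.findall(f"{DS}Transforms/{DS}Transform"):
            alg = t.get("Algorithm")
            if alg not in ALLOWED:
                problems.append(f"transform not allowed by profile: {alg}")
    return problems

def sample(extra_transform=""):
    # Constructed sample; digest and signature values are omitted (structure check only).
    return f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_a1" Version="2.0">
      <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"><ds:Transforms>
        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        {extra_transform}
        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      </ds:Transforms></ds:Reference></ds:SignedInfo></ds:Signature>
    </saml:Assertion>"""

# Constructed v1 XPath filter transform excluding a token-correlated element.
XPATH_V1 = ('<ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">'
            '<ds:XPath>not(ancestor-or-self::token-correlated)</ds:XPath></ds:Transform>')

if __name__ == "__main__":
    print(check_signature_profile(sample()))          # conforming assertion
    print(check_signature_profile(sample(XPATH_V1)))  # extra XPath transform
```

This checks structure only and does not verify the signature value or digests.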