security-services message



Subject: Just noticed Errata 26 changes were incomplete.


Errata 26 made a number of changes to the profiles spec w.r.t. signing in the web SSO profile. One change was that section 4.1.4.5 (POST-specific processing rules) changed the language from saying the Assertion MUST be signed to saying that it MUST be protected by a digital signature and that can be done by signing each Assertion or the Response.

 

However, it appears that that change now conflicts with section 4.1.3.5 (Identity Provider Issues <Response> to Service Provider) which states: “The <Assertion> element(s) in the <Response> MUST be signed, if the HTTP POST binding is used, and MAY be signed if the HTTP Artifact binding is used.”

 

Am I missing something?

 

Rob Philpott | Senior Technologist | RSA, the Security Division of EMC

eMail: robert.philpott@rsa.com | Office: 781.515.7115 | Mobile: 617.510.0893
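
The two rules quoted in the message above, applied side by side to the same POST-binding Response. This is an added example, not part of the original message or of the SAML specification. The function names, the sample documents and the empty ds:Signature placeholders are constructed for illustration; the check is structural only and validates no signature.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def has_own_signature(element):
    """True if the element has a ds:Signature as a direct child."""
    return element.find("ds:Signature", NS) is not None

def check_post_response(xml_text):
    """Report whether a Response satisfies each rule quoted in the message.

    Assumption: plain (unencrypted) Assertions that are direct children of
    the Response. Only the placement of ds:Signature is inspected.
    """
    response = ET.fromstring(xml_text)
    assertions = response.findall("saml:Assertion", NS)
    every_assertion_signed = bool(assertions) and all(
        has_own_signature(a) for a in assertions
    )
    return {
        # 4.1.3.5 as quoted: the Assertion element(s) MUST be signed for POST.
        "4.1.3.5": every_assertion_signed,
        # 4.1.4.5 after Errata 26: sign each Assertion or the Response.
        "4.1.4.5": every_assertion_signed or has_own_signature(response),
    }

def sample(sign_response, signed_assertions):
    """Build a constructed, skeletal Response for the checks above."""
    sig = "<ds:Signature/>"
    body = "".join(
        "<saml:Assertion>%s</saml:Assertion>" % (sig if signed else "")
        for signed in signed_assertions
    )
    return (
        '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" xmlns:ds="%s">'
        "%s%s</samlp:Response>"
    ) % (NS["samlp"], NS["saml"], NS["ds"], sig if sign_response else "", body)

if __name__ == "__main__":
    cases = {
        "Response signed only": sample(True, [False]),
        "each Assertion signed": sample(False, [True, True]),
        "one of two Assertions signed": sample(False, [True, False]),
    }
    for label, doc in cases.items():
        print(label, check_post_response(doc))
```

The first case is the one the message describes: a Response signed only at the Response level satisfies the revised 4.1.4.5 wording but not the 4.1.3.5 sentence.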

 


