Subject: Just noticed Errata 26 changes were incomplete.
Errata 26 made a number of changes to the profiles spec w.r.t signing in the web SSO profile.
One change was that section 4.1.4.5 (POST-specific processing rules) changed the language from saying the Assertion MUST be signed to saying that it MUST be protected by a digital signature and that can be done by signing each Assertion or the Response. However, it appears that that change now conflicts with section 4.1.3.5 (Identity Provider Issues <Response> to Service Provider) which states: “The <Assertion> element(s) in the <Response> MUST be signed, if the HTTP POST binding is used, and MAY be signed if the HTTP Artifact binding is used.”

Am I missing something?

Rob Philpott | Senior Technologist | RSA, the Security Division of EMC
eMail: robert.philpott@rsa.com | Office: 781.515.7115 | Mobile: 617.510.0893
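The conflict described in the message above, as an added example that is not part of the original post or of the SAML specification: a structural check of where signatures sit in a constructed `<Response>`, evaluated against the wording of each section. The function names are hypothetical, the XML is constructed sample data, and no cryptographic verification is performed.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def sig(ref_id):
    # Constructed skeleton of an enveloped signature (no digest or signature value).
    return ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
            f'<ds:Reference URI="#{ref_id}"/></ds:SignedInfo></ds:Signature>')

def make_response(sign_response, sign_assertion):
    # Constructed sample message: one Response holding one Assertion.
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1">'
            + (sig("_r1") if sign_response else "")
            + '<saml:Assertion ID="_a1">' + (sig("_a1") if sign_assertion else "")
            + '</saml:Assertion></samlp:Response>')

def carries_own_signature(elem):
    """True if elem has a direct ds:Signature child whose single
    Reference points at elem's own ID (placement only, no crypto)."""
    elem_id = elem.get("ID")
    sig_elem = elem.find("ds:Signature", NS)  # direct children only
    if elem_id is None or sig_elem is None:
        return False
    refs = sig_elem.findall("ds:SignedInfo/ds:Reference", NS)
    return len(refs) == 1 and refs[0].get("URI") == "#" + elem_id

def evaluate(response_xml):
    """Report whether the message satisfies each section's wording as quoted in the post."""
    root = ET.fromstring(response_xml)  # constructed input only
    assertions = root.findall("saml:Assertion", NS)
    each_signed = bool(assertions) and all(carries_own_signature(a) for a in assertions)
    response_signed = carries_own_signature(root)
    return {
        "4.1.3.5": each_signed,                     # each <Assertion> MUST be signed
        "4.1.4.5": each_signed or response_signed,  # each Assertion or the Response
    }

if __name__ == "__main__":
    # A Response signed only at the Response level passes one rule and fails the other.
    print(evaluate(make_response(sign_response=True, sign_assertion=False)))
```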