OASIS Mailing List Archives

 



wss message



Subject: [wss] Referencing SAML Assertions


I believe that an example of how to reference a SAML assertion in the ds:SignedInfo element in the SAML Token Binding document is needed. There is an example for using the wsse:SecurityTokenReference in the ds:KeyInfo. This is OK with respect to the digital signature spec, as the KeyInfo element has a choice of a child element "any" with lax processing. However, the ds:SignedInfo does not have that flexibility in what is allowed, so I believe that the same approach cannot be used for ds:SignedInfo without breaking the digital signature spec. Possibly a different approach to referencing the SAML assertion is intended for the ds:SignedInfo, but I cannot determine this from the writeup. One reason that one would want to do this is to sign both the SAML assertion and the SOAP body, thus tying the SAML assertion to the SOAP body.
 
Don
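
The schema difference the message describes can be checked mechanically. The following is an added example, not part of the original message or of any OASIS document: it tests the children of ds:SignedInfo and ds:KeyInfo against the XML-DSig content models. The WSSE namespace URI, the `#body` and `#assertion-1` identifiers, and the sample signature are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# Assumption: the WSS 1.0 secext namespace; the message does not name one.
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

# XML-DSig schema: ds:SignedInfo is a fixed sequence with no wildcard.
SIGNED_INFO_HEAD = ["CanonicalizationMethod", "SignatureMethod"]
# XML-DSig schema: ds:KeyInfo is a choice of these, or any element from another namespace (lax).
KEY_INFO_DS = {"KeyName", "KeyValue", "RetrievalMethod", "X509Data",
               "PGPData", "SPKIData", "MgmtData"}

def split(tag):
    """Split ElementTree's '{ns}local' tag into (ns, local)."""
    return tuple(tag[1:].split("}", 1)) if tag.startswith("{") else ("", tag)

def signed_info_errors(signed_info):
    children = [split(c.tag) for c in signed_info]
    errors = [f"{local}: not permitted in ds:SignedInfo"
              for ns, local in children if ns != DS]
    names = [local for ns, local in children if ns == DS]
    refs = names[2:]
    if names[:2] != SIGNED_INFO_HEAD or not refs or set(refs) != {"Reference"}:
        errors.append("expected CanonicalizationMethod, SignatureMethod, Reference+")
    return errors

def key_info_errors(key_info):
    return [f"{local}: not permitted in ds:KeyInfo"
            for ns, local in (split(c.tag) for c in key_info)
            if ns == "" or (ns == DS and local not in KEY_INFO_DS)]

# Constructed sample: the same token reference placed in both elements.
STR = '<wsse:SecurityTokenReference><wsse:Reference URI="#assertion-1"/></wsse:SecurityTokenReference>'
SAMPLE = f"""<ds:Signature xmlns:ds="{DS}" xmlns:wsse="{WSSE}">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference URI="#body"/>
    {STR}
  </ds:SignedInfo>
  <ds:KeyInfo>{STR}</ds:KeyInfo>
</ds:Signature>"""

def check(xml_text):
    sig = ET.fromstring(xml_text)
    return {"SignedInfo": signed_info_errors(sig.find(f"{{{DS}}}SignedInfo")),
            "KeyInfo": key_info_errors(sig.find(f"{{{DS}}}KeyInfo"))}

if __name__ == "__main__":
    print(check(SAMPLE))
```

The token reference is accepted under ds:KeyInfo through the wildcard and reported as a violation under ds:SignedInfo; Algorithm values are not inspected.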

