
Subject: RE: [wss] Interop 2 Issue: Signed Token



> So it must have been my mistake. I went back to my original notes on the
> scenarios and sure enough, it says "sign the signing token." But come to
> think of it, this doesn't make a lot of sense either. By its nature, a
> signature binds the key to the signature. And the rest of the token contents
> are bound to the key by the issuer's signature.

This is dealt with at length in the X.509 profile.

The token must be signed because a user might have more than one token bound
to the same key. This would allow a signer to substitute one token for
another, thus changing the context of the signature since the two tokens
might have very different attributes.
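
Added example, not part of the original message: a Python sketch of the substitution described above, comparing a signature that covers only the body with one that also covers the token. It uses toy textbook RSA with constructed parameters as a stand-in for the signer's key; the token strings and the names `signed_info`, `sign` and `accepts` are hypothetical, and the issuer's signature over each token is assumed valid and not modelled.

```python
import hashlib

# Toy textbook RSA key (constructed, insecure; illustration only).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

# Two constructed tokens issued to the same subject for the same key,
# carrying different attributes. Issuer signatures are assumed valid.
TOKEN_A = b"subject=alice;role=purchasing;key=%x" % N
TOKEN_B = b"subject=alice;role=auditor;key=%x" % N
BODY = b"<Order>approve PO 1001</Order>"

def _h(data: bytes) -> int:
    """SHA-256 reduced mod N so the toy key can sign it."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def signed_info(parts) -> bytes:
    """One digest per referenced part, in the manner of ds:SignedInfo."""
    return b"".join(hashlib.sha256(p).digest() for p in parts)

def sign(parts) -> int:
    """Signer: sign the digests of every part the signature should cover."""
    return pow(_h(signed_info(parts)), D, N)

def accepts(body: bytes, token: bytes, sig: int, token_signed: bool) -> bool:
    """Receiver: rebuild SignedInfo from what arrived and verify it with
    the key named in the token (both tokens name the same key here)."""
    parts = [body, token] if token_signed else [body]
    return pow(sig, E, N) == _h(signed_info(parts))

def demo() -> dict:
    sig_body_only = sign([BODY])
    sig_with_token = sign([BODY, TOKEN_A])
    return {
        # Token not covered: swapping A for B goes unnoticed.
        "body-only sig, token swapped": accepts(BODY, TOKEN_B, sig_body_only, False),
        # Token covered: the original verifies, the swap does not.
        "token signed, original token": accepts(BODY, TOKEN_A, sig_with_token, True),
        "token signed, token swapped": accepts(BODY, TOKEN_B, sig_with_token, True),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```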

