Subject: RE: [wss] Interop 2 Issue: Signed Token
> So it must have been my mistake. I went back to my original notes on the
> scenarios and sure enough, it says "sign the signing token." But come to
> think of it, this doesn't make a lot of sense either. By its nature, a
> signature binds the key to the signature. And the rest of the token contents
> are bound to the key by the issuer's signature.

This is dealt with at length in the X.509 profile. The token must be signed because a user might have more than one token bound to the same key. This would allow a signer to substitute one token for another, thus changing the context of the signature since the two tokens might have very different attributes.
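The substitution described in the reply above, as an added example that is not part of the original message or of any WSS specification: two constructed tokens share one key, and only a signature that also covers the token rejects the swapped one. The toy textbook-RSA key, the dictionary token format and all function names are assumptions made for illustration, and the issuer's signature over each token is assumed to be validated elsewhere.

```python
import hashlib
import json

# Toy textbook-RSA key built from two Mersenne primes. Illustration only:
# no padding, far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

def make_token(subject, attributes):
    """Constructed stand-in for an issued token. The issuer's signature over
    it is omitted; assume the verifier has already validated it."""
    return {"subject": subject, "attributes": attributes, "public_key": [N, E]}

def digest(body, token=None):
    """Hash the body and, if given, the canonical token bytes, reduced mod N."""
    h = hashlib.sha256(len(body).to_bytes(4, "big") + body)
    if token is not None:
        h.update(json.dumps(token, sort_keys=True).encode())
    return int.from_bytes(h.digest(), "big") % N

def sign(body, token=None):
    """Sign the body alone, or the body together with the signing token."""
    return pow(digest(body, token), D, N)

def verify(body, sig, presented_token, token_covered):
    """Verify with the key taken from whichever token accompanies the message."""
    n, e = presented_token["public_key"]
    expected = digest(body, presented_token if token_covered else None)
    return pow(sig, e, n) == expected

def demo():
    body = b"<Order>transfer 100</Order>"  # constructed message body
    token_a = make_token("alice", {"role": "employee"})
    token_b = make_token("alice", {"role": "approver"})  # same key, other attributes
    body_only = sign(body)
    with_token = sign(body, token_a)
    return {
        "body_only_with_a": verify(body, body_only, token_a, False),
        "body_only_with_b": verify(body, body_only, token_b, False),
        "with_token_a": verify(body, with_token, token_a, True),
        "with_token_b": verify(body, with_token, token_b, True),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

When the token is outside the signature, the verifier cannot tell which of the two attribute sets the signer intended; covering the token makes the swapped token fail verification.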