OASIS Mailing List Archives

 



wss message



Subject: Re: [wss] Groups - WSS-SAML-11.pdf uploaded




Ron Monzillo wrote:

> Dims,
>
> The sender-vouches example in 3.4.2.3 is perhaps a little more than it seems.
>
> The example uses only SAML assertions, and thus there is
> a holder-of-key assertion (referenced by STR 2) from keyInfo that is
> being used to carry the key of the vouching sender. The sender-vouches
> confirmed assertion is referenced from SignedInfo (by id = "#STR1") and
> is being signed by the key in the holder-of-key assertion.
>
> The example could have used a keyIdentifier reference to an X509 cert from
> KeyInfo, but as I noted above, I was trying to show an all SAML example.
>
> If you think the example is not very helpful, I would be willing to discuss
> changing it.

I forgot to ask:

Would it be sufficient if the paragraph preceding the example made these 
details clearer?

Ron

>
> Ron
>
> Srinivas, Davanum M wrote:
>
>> Ron,
>>
>> Here's some feedback from my team
>> --------------------- Feedback from Werner -------------------------
>> IMO there is a wrong example in the profile spec:
>> chapter 3.4.2.3 contains a SAML Assertion which does not specify
>> sender-vouches (holder-of-key instead). Seems to be a "copy-paste
>> error". Thus also the following references, KeyInfo etc. may be out of
>> sync.
>> --------------------- Feedback from Werner -------------------------
>> Thanks,
>> dims
>>
>
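
The reference layout discussed in this thread, as an added example that is not part of the original messages or of the profile document: a Python check that resolves each SecurityTokenReference to its SAML 1.1 assertion and reports whether it is reached from SignedInfo or from KeyInfo. The header is constructed and abbreviated, and the function names and assertion IDs are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
}
WSU_ID = "{%s}Id" % NS["wsu"]

# Constructed sample: the layout described in the thread, with digests, signature
# value, key material, transforms and KeyIdentifier ValueType left out.
_ASSERTION = ('<saml:Assertion AssertionID="{0}"><saml:AttributeStatement><saml:Subject>'
              '<saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:{1}'
              '</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject>'
              '</saml:AttributeStatement></saml:Assertion>')
_STR = ('<wsse:SecurityTokenReference wsu:Id="{0}"><wsse:KeyIdentifier>{1}'
        '</wsse:KeyIdentifier></wsse:SecurityTokenReference>')
SAMPLE = (
    "<wsse:Security %s>" % " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
    + _ASSERTION.format("_hok", "holder-of-key")
    + _ASSERTION.format("_sv", "sender-vouches")
    + _STR.format("STR1", "_sv")
    + '<ds:Signature><ds:SignedInfo><ds:Reference URI="#STR1"/></ds:SignedInfo>'
    + "<ds:KeyInfo>" + _STR.format("STR2", "_hok") + "</ds:KeyInfo></ds:Signature>"
    + "</wsse:Security>"
)

def classify_strs(xml_text):
    """Return {STR wsu:Id: (role in the signature, confirmation methods of its assertion)}."""
    root = ET.fromstring(xml_text)
    assertions = {a.get("AssertionID"): a for a in root.iter("{%s}Assertion" % NS["saml"])}
    key_strs = {s.get(WSU_ID) for s in root.findall(".//ds:KeyInfo/wsse:SecurityTokenReference", NS)}
    signed = {r.get("URI", "").lstrip("#") for r in root.findall(".//ds:SignedInfo/ds:Reference", NS)}
    result = {}
    for s in root.iter("{%s}SecurityTokenReference" % NS["wsse"]):
        str_id = s.get(WSU_ID)
        target = assertions.get((s.findtext("wsse:KeyIdentifier", "", NS) or "").strip())
        methods = [] if target is None else [
            m.text.strip().rsplit(":", 1)[-1] for m in target.iter("{%s}ConfirmationMethod" % NS["saml"])]
        role = "signing-key" if str_id in key_strs else "signed" if str_id in signed else "unreferenced"
        result[str_id] = (role, methods)
    return result

def vouched_assertions_signed(xml_text):
    """True if every STR-referenced sender-vouches assertion is reached from SignedInfo.
    Checks reference structure only; it does not verify the signature."""
    roles = [r for r, methods in classify_strs(xml_text).values() if "sender-vouches" in methods]
    return bool(roles) and all(r == "signed" for r in roles)
```

On the sample, STR1 resolves to the sender-vouches assertion as signed content and STR2 resolves to the holder-of-key assertion as the signing key, which is why reading only the KeyInfo assertion suggests the wrong confirmation method.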


