Subject: clarification to description of sender-vouches example
During the STP interop, we received 2 comments that suggested that section 3.4.2.3 of the STP needed to better describe the sender-vouches example. To address these comments, I'd like to replace the descriptive text at the beginning of section 3.4.2.3 with the following text. I'd like to make this change before the next teleconf.

Comments and suggestions welcome.

Ron

---------

3.4.2.3 Example

The following example illustrates an attesting entity’s use of the sender-vouches subject confirmation method with an associated <ds:Signature> element to establish its identity and to assert that it has sent the message body on behalf of the subject(s) of the assertion referenced by “STR1”.

The assertion referenced by “STR1” is not included in the message. “STR1” is referenced by <ds:reference> from <ds:SignedInfo>. The <ds:reference> includes the STR-transform to cause the assertion, not the <SecurityTokenReference>, to be included in the digest calculation.

The SAML assertion embedded in the header and referenced by “STR2” from <ds:KeyInfo> corresponds to the attesting entity. The private key corresponding to the public confirmation key occurring in the assertion is used to sign together the message body and assertion referenced by “STR1”.
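The structure described in the message above can be checked mechanically on the receiving side. The following is an added example, not part of the original post or of the STP text: the namespace URIs and the STR-Transform identifier are assumed from the published WSS 1.0 specifications, and the sample envelope, its assertion IDs and the `check_sender_vouches` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
STR_TRANSFORM = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-soap-message-security-1.0#STR-Transform")
NS = {"ds": DS, "wsse": WSSE, "saml": SAML}

# Constructed skeleton: digests, signature value and assertion content omitted.
SAMPLE = f"""<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:ds="{DS}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:saml="{SAML}">
<S:Header><wsse:Security>
 <saml:Assertion AssertionID="_attester"/>
 <wsse:SecurityTokenReference wsu:Id="STR1">
  <wsse:KeyIdentifier>_subject</wsse:KeyIdentifier></wsse:SecurityTokenReference>
 <ds:Signature><ds:SignedInfo>
  <ds:Reference URI="#STR1"><ds:Transforms>
   <ds:Transform Algorithm="{STR_TRANSFORM}"/></ds:Transforms></ds:Reference>
  <ds:Reference URI="#body"/></ds:SignedInfo>
  <ds:KeyInfo><wsse:SecurityTokenReference wsu:Id="STR2">
   <wsse:KeyIdentifier>_attester</wsse:KeyIdentifier>
  </wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>
</wsse:Security></S:Header><S:Body wsu:Id="body"/></S:Envelope>"""

def check_sender_vouches(xml_text):
    """Return a list of structural problems (empty list means none found)."""
    root = ET.fromstring(xml_text)
    by_id = {e.get(f"{{{WSU}}}Id"): e for e in root.iter() if e.get(f"{{{WSU}}}Id")}
    embedded = {a.get("AssertionID") for a in root.iter(f"{{{SAML}}}Assertion")}
    problems, body_signed = [], False
    for ref in root.iterfind(".//ds:SignedInfo/ds:Reference", NS):
        target = by_id.get(ref.get("URI", "").lstrip("#"))
        if target is None:
            problems.append(f"{ref.get('URI')}: no element with that wsu:Id")
        elif target.tag == f"{{{WSSE}}}SecurityTokenReference":
            algs = {t.get("Algorithm") for t in ref.iterfind("ds:Transforms/ds:Transform", NS)}
            if STR_TRANSFORM not in algs:  # digest would cover the STR, not the assertion
                problems.append(f"{ref.get('URI')}: STR signed without STR-Transform")
        elif target.tag.endswith("}Body"):
            body_signed = True
    if not body_signed:
        problems.append("message body is not covered by the signature")
    key_id = root.findtext(".//ds:KeyInfo/wsse:SecurityTokenReference/wsse:KeyIdentifier",
                           namespaces=NS)
    if key_id not in embedded:
        problems.append("KeyInfo does not resolve to an assertion embedded in the header")
    return problems
```

This checks only the shape of the signature; it does not verify digests or the signature value, which still requires a full XML Signature implementation.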