
mace-opensaml-users - Re: Signing of Assertion instead of Response

Subject: OpenSAML user discussion

  • From: Andreas Vallen
  • Subject: Re: Signing of Assertion instead of Response
  • Date: Tue, 16 Jan 2007 17:04:30 +0100

Hello Scott,

Scott Cantor wrote:
> Ouch. I didn't interpret it that way until now, instead thinking that signature inheritance as described in saml-core applied if the response element was signed.
>
> Hmm, that probably should be cleaned up.

I was just pointed by our partner to the errata document, where it seems that you already cleaned it up. E26 describes a change, so that the response may be signed instead of the assertion:

"""
Section 4.1.4.5, POST-Specific Processing Rules:
Replace lines 600-601 with: "If the HTTP POST binding is used to deliver the <Response>, each assertion MUST be protected by a digital signature. This can be accomplished by signing each individual <Assertion> element or by signing the <Response> element.
"""

Cheers,
Andreas
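
The E26 rule quoted above, as an added example that is not part of the original message or of OpenSAML: a structural pre-check that lists assertions covered by neither their own signature nor one on the enclosing Response. The SAML 2.0 namespaces, the function names and the sample documents (with empty stub signatures) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {  # assumed: SAML 2.0 and XML-DSig namespaces
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def has_own_signature(elem):
    """True if elem has a direct ds:Signature child whose single Reference
    points at elem's own ID (a signature elsewhere in the tree does not count)."""
    sig = elem.find("ds:Signature", NS)
    if sig is None or not elem.get("ID"):
        return False
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    return len(refs) == 1 and refs[0].get("URI") == "#" + elem.get("ID")

def unprotected_assertions(response_xml):
    """Return the IDs of assertions that neither carry their own signature
    nor sit inside a signed Response. Structure only: the signature value
    must still be verified cryptographically over the same element."""
    root = ET.fromstring(response_xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    if has_own_signature(root):
        return []  # a Response signature covers every assertion inside it
    return [a.get("ID") for a in root.findall("saml:Assertion", NS)
            if not has_own_signature(a)]

def _sig(ref_id):
    # Constructed stub: only the parts the structural check looks at.
    return ('<ds:Signature xmlns:ds="%s"><ds:SignedInfo><ds:Reference URI="#%s"/>'
            '</ds:SignedInfo></ds:Signature>' % (NS["ds"], ref_id))

def sample_response(sign_response, signed_assertions):
    """Constructed sample Response r1 holding assertions a1 and a2."""
    body = "".join('<saml:Assertion ID="%s">%s</saml:Assertion>'
                   % (i, _sig(i) if i in signed_assertions else "")
                   for i in ("a1", "a2"))
    return ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="r1">%s%s'
            '</samlp:Response>' % (NS["samlp"], NS["saml"],
                                   _sig("r1") if sign_response else "", body))

if __name__ == "__main__":
    print(unprotected_assertions(sample_response(False, ("a1",))))
```
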


