mace-opensaml-users - Re: Sigining of Assertion instead of Response
Subject: OpenSAML user discussion
List archive
- From: Andreas Vallen <>
- To:
- Subject: Re: Sigining of Assertion instead of Response
- Date: Tue, 16 Jan 2007 17:04:30 +0100
Hello Scott,
Scott Cantor wrote:
Ouch. I didn't interpret it that way until now, instead thinking thatelement
signature inheritance as described in saml-core applied if the response
was signed.
Hmm, that probably should be cleaned up.
I was just pointed by our partner to the errata document, where it seems that you already cleaned it up. E26 describes a change, so that the response may be signed instead of the assertion:
"""
Section 4.1.4.5, POST-Specific Processing Rules:
661 Replace lines 600-601 with: "If the HTTP POST binding is used to deliver
the
662 <Response>, each assertion MUST be protected by a digital signature. This
can be
663 accomplished by signing each individual <Assertion> element or by signing
the
664 <Response> element.
"""
Cheers,
Andreas
- Sigining of Assertion instead of Response, Andreas Vallen, 01/15/2007
- Re: Sigining of Assertion instead of Response, Tom Scavo, 01/15/2007
- Re: Sigining of Assertion instead of Response, Andreas Vallen, 01/15/2007
- Re: Sigining of Assertion instead of Response, Tom Scavo, 01/15/2007
- Re: Sigining of Assertion instead of Response, Andreas Vallen, 01/16/2007
- Re: Sigining of Assertion instead of Response, Tom Scavo, 01/15/2007
- Re: Sigining of Assertion instead of Response, Andreas Vallen, 01/15/2007
- RE: Sigining of Assertion instead of Response, Scott Cantor, 01/15/2007
- Re: Sigining of Assertion instead of Response, Andreas Vallen, 01/16/2007
- Re: Sigining of Assertion instead of Response, Tom Scavo, 01/16/2007
- RE: Sigining of Assertion instead of Response, Scott Cantor, 01/16/2007
- Re: Sigining of Assertion instead of Response, Andreas Vallen, 01/16/2007
- RE: Sigining of Assertion instead of Response, Scott Cantor, 01/16/2007
- Re: Sigining of Assertion instead of Response, Andreas Vallen, 01/16/2007
- Re: Sigining of Assertion instead of Response, Andreas Vallen, 01/16/2007
- Re: Sigining of Assertion instead of Response, Tom Scavo, 01/15/2007
Archive powered by MHonArc 2.6.16.