mace-opensaml-users - Re: Sigining of Assertion instead of Response

Subject: OpenSAML user discussion

List archive

Re: Sigining of Assertion instead of Response

From: Andreas Vallen <>
To:
Subject: Re: Sigining of Assertion instead of Response
Date: Tue, 16 Jan 2007 17:04:30 +0100

Hello Scott,

Scott Cantor wrote:

Ouch. I didn't interpret it that way until now, instead thinking that
signature inheritance as described in saml-core applied if the response

element

was signed.

Hmm, that probably should be cleaned up.

I was just pointed by our partner to the errata document, where it seems that you already cleaned it up. E26 describes a change, so that the response may be signed instead of the assertion:

"""
Section 4.1.4.5, POST-Specific Processing Rules:
661 Replace lines 600-601 with: "If the HTTP POST binding is used to deliver
the
662 <Response>, each assertion MUST be protected by a digital signature. This
can be
663 accomplished by signing each individual <Assertion> element or by signing
the
664 <Response> element.
"""

Cheers,
Andreas

Sigining of Assertion instead of Response, Andreas Vallen, 01/15/2007
- Re: Sigining of Assertion instead of Response, Tom Scavo, 01/15/2007
  - Re: Sigining of Assertion instead of Response, Andreas Vallen, 01/15/2007
    - Re: Sigining of Assertion instead of Response, Tom Scavo, 01/15/2007
      - Re: Sigining of Assertion instead of Response, Andreas Vallen, 01/16/2007
- RE: Sigining of Assertion instead of Response, Scott Cantor, 01/15/2007
  - Re: Sigining of Assertion instead of Response, Andreas Vallen, 01/16/2007
    - Re: Sigining of Assertion instead of Response, Tom Scavo, 01/16/2007
    - RE: Sigining of Assertion instead of Response, Scott Cantor, 01/16/2007
      - Re: Sigining of Assertion instead of Response, Andreas Vallen, 01/16/2007
        
        RE: Sigining of Assertion instead of Response, Scott Cantor, 01/16/2007

List archive

Re: Sigining of Assertion instead of Response