mace-opensaml-users - RE: InResponseTo security policy rule
Subject: OpenSAML user discussion
List archive
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: InResponseTo security policy rule
- Date: Wed, 29 Aug 2007 10:39:33 -0400
- Organization: The Ohio State University
> Probably not. The security policy rules are meant to be stateless so
> that they can be used over many messages. Storing the InResponseTo in
> the rule represents state and wouldn't allow you to use the rule across
> messages (as the message ID you're responding to would change).
Yes, I enforce it inside my SOAP client, but I don't have a use for it on
the front channel, so I don't think I even check it there. Maybe in the
logout handler somewhere, not sure. I know I tracked it so I could respond
properly, but that's just to satisfy the spec.
-- Scott
- InResponseTo security policy rule, Frank Cornelis, 08/29/2007
- Re: InResponseTo security policy rule, Chad La Joie, 08/29/2007
- RE: InResponseTo security policy rule, Scott Cantor, 08/29/2007
- Re: InResponseTo security policy rule, Frank Cornelis, 08/30/2007
- Re: InResponseTo security policy rule, Chad La Joie, 08/30/2007
- RE: InResponseTo security policy rule, Scott Cantor, 08/30/2007
- Re: InResponseTo security policy rule, Chad La Joie, 08/30/2007
- Re: InResponseTo security policy rule, Chad La Joie, 08/29/2007
Archive powered by MHonArc 2.6.16.