mace-opensaml-users - RE: A suggestion about digital signatures

Subject: OpenSAML user discussion

  • From: "George Stanchev" <>
  • To: <>
  • Subject: RE: A suggestion about digital signatures
  • Date: Wed, 19 Sep 2007 10:32:53 -0700



-----Original Message-----
From: Scott Cantor
Sent: Wednesday, September 19, 2007 9:09 AM
Subject: RE: A suggestion about digital signatures

>> My question is: for you, this token is correct?

> I don't think it's generally acceptable to send two assertions in one
> token element, no.

I thought the same. If multiple tokens need to be returned, an RSTRC
element needs to be used. The WS-Trust spec defines in 6.3.2, More Than
One Proof-Of-Possession Tokens Case, how multiple tokens need to be
returned.

A correct response would look like

<wst:RequestSecurityTokenResponseCollection>
  <wst:RequestSecurityTokenResponse>
    <wst:TokenType>saml...</wst:TokenType>
    <wst:RequestedSecurityToken>
      <!-- signed by the Identity Provider, the AuthAssertion -->
      <saml:Assertion/>
    </wst:RequestedSecurityToken>
  </wst:RequestSecurityTokenResponse>
  <wst:RequestSecurityTokenResponse>
    <wst:TokenType>saml...</wst:TokenType>
    <wst:RequestedSecurityToken>
      <!-- signed by the Attribute Authority, the AttrAssertion -->
      <saml:Assertion/>
    </wst:RequestedSecurityToken>
  </wst:RequestSecurityTokenResponse>
</wst:RequestSecurityTokenResponseCollection>

George

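Added example, not part of the original message and not OpenSAML code: a receiver-side check that an RSTRC carries exactly one assertion per RequestedSecurityToken, as the message describes, and rejects the two-assertions-in-one-token layout. The WS-Trust 1.3 and SAML 2.0 namespaces, the helper names, and the example.org issuers are assumptions; the samples are constructed and the signature is only detected, not verified.

```python
import xml.etree.ElementTree as ET

# Assumed namespaces (the post names neither version): WS-Trust 1.3, SAML 2.0.
WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"

def _assertion(issuer):
    # Constructed sample: ds:Signature is an empty stand-in, not a real signature.
    return (f'<saml:Assertion xmlns:saml="{SAML}" xmlns:ds="{DS}">'
            f'<saml:Issuer>{issuer}</saml:Issuer><ds:Signature/></saml:Assertion>')

def _rstr(*assertions):
    return ('<wst:RequestSecurityTokenResponse><wst:RequestedSecurityToken>'
            + "".join(assertions) +
            '</wst:RequestedSecurityToken></wst:RequestSecurityTokenResponse>')

def _rstrc(*rstrs):
    return (f'<wst:RequestSecurityTokenResponseCollection xmlns:wst="{WST}">'
            + "".join(rstrs) + '</wst:RequestSecurityTokenResponseCollection>')

# Constructed inputs: the layout from the post, and the rejected two-in-one layout.
GOOD = _rstrc(_rstr(_assertion("https://idp.example.org")),
              _rstr(_assertion("https://aa.example.org")))
BAD = _rstrc(_rstr(_assertion("https://idp.example.org"),
                   _assertion("https://aa.example.org")))

def tokens_in_collection(xml_text):
    """Return [(issuer, has_enveloped_signature)], one entry per RSTR.

    Raises ValueError unless every RequestedSecurityToken holds exactly one
    assertion. Signature presence is only noted; verifying it is out of scope.
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{WST}}}RequestSecurityTokenResponseCollection":
        raise ValueError("root element is not an RSTRC")
    result = []
    for rstr in root.findall(f"{{{WST}}}RequestSecurityTokenResponse"):
        rst = rstr.find(f"{{{WST}}}RequestedSecurityToken")
        if rst is None:
            raise ValueError("RSTR without RequestedSecurityToken")
        children = list(rst)
        if len(children) != 1 or children[0].tag != f"{{{SAML}}}Assertion":
            raise ValueError("RequestedSecurityToken must hold exactly one assertion")
        issuer = children[0].findtext(f"{{{SAML}}}Issuer")
        signed = children[0].find(f"{{{DS}}}Signature") is not None
        result.append((issuer, signed))
    return result
```

Each returned issuer still has to be matched against the key that validates that assertion's signature before either assertion is trusted.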



