mace-opensaml-users - Re: AbstractSignableXMLObject
Subject: OpenSAML user discussion
List archive
- From: Asa Hardcastle <>
- To:
- Subject: Re: AbstractSignableXMLObject
- Date: Fri, 15 Feb 2008 19:24:07 -0500
I am not sure I understand completely what the two of you are saying.
The Security header is not included in the signature. Some of its components are, and the id-wsf 2 spec requires that the Signature be a single signature referencing multiple signed elements and be a child of the Security header. The Timestamp and any SAML Assertion token is also signed.
Is there something missing in my understanding? What is not appropriate about this?
thanks for your help on this guys!
asa
--
Asa Hardcastle, Technical Lead, openLiberty ID-WSF ClientLib
Tel: +1.413.429.1044 Skype: subsystem7
On Feb 15, 2008, at 6:53 PM, Brent Putman wrote:
Scott Cantor wrote:
Thanks. In my specific example (ID-WSF 2.0), the resultantI don't think that it would be all that appropriate to treat a Security
ds:Signature is added as a child of the wsse:Security SOAP Header. I
am signing the SOAP Body and several Headers, including some elements
of the wsse:Security header. At present, I am doing the signing with
my own signing class, I'd like to transition to using the OpenSAML
signing features. Is the case I described above be easily possible?
header as a plain signature parent. Typically the Signature in there
references more than just the parent element, and is application- specific.
Plus which the spec allows multiple signatures in there.
Yes, agreed, I don't think your wsse:Security header or whatever would extend from AbstractSignableXMLObject. It may or may not be signed itself, depending on the profile, and there could be multiple ones, which that class does not allow. That class was really centric to the SAML single enveloped signature case.
I don't see a problem with treating the Signature(s) as just plain children of the header.
- AbstractSignableXMLObject, Asa Hardcastle, 02/15/2008
- Re: AbstractSignableXMLObject, Brent Putman, 02/15/2008
- Re: AbstractSignableXMLObject, Asa Hardcastle, 02/15/2008
- Re: AbstractSignableXMLObject, Brent Putman, 02/15/2008
- RE: AbstractSignableXMLObject, Scott Cantor, 02/15/2008
- Message not available
- Re: AbstractSignableXMLObject, Brent Putman, 02/15/2008
- Re: AbstractSignableXMLObject, Asa Hardcastle, 02/15/2008
- RE: AbstractSignableXMLObject, Scott Cantor, 02/15/2008
- Re: AbstractSignableXMLObject, Asa Hardcastle, 02/15/2008
- RE: AbstractSignableXMLObject, Scott Cantor, 02/15/2008
- Re: AbstractSignableXMLObject, Asa Hardcastle, 02/15/2008
- Re: AbstractSignableXMLObject, Brent Putman, 02/15/2008
- Re: AbstractSignableXMLObject, Asa Hardcastle, 02/15/2008
- Re: AbstractSignableXMLObject, Brent Putman, 02/15/2008
Archive powered by MHonArc 2.6.16.