
mace-opensaml-users - Re: Re: [OpenSAML] NameId

Subject: OpenSAML user discussion


  • From: Xavier Drudis Ferran <>
  • To:
  • Subject: Re: Re: [OpenSAML] NameId
  • Date: Thu, 19 Jun 2008 18:25:36 +0200

On Thu, Jun 19, 2008 at 12:18:51PM -0400, wrote:
> I tried to implement this
> if the user clicks a link that is going to another site, I want to send
> SAML assertion with my company name in it. And I am trying to digitally
> sign our domain information so that only the recipient will know that the
> request is coming from us.
>

Well, at least it doesn't take SAML expertise to answer this.

When you digitally sign something you enable everybody to make sure
it is you who signed exactly that something. But if you need to
ensure that only the recipient knows the information, you have
to encrypt it, whether you additionally sign it or not.

The case for signing it would be to ensure that any client going
to the recipient site and pretending you sent her there can be uncovered
if it doesn't come from your site.

> Am I going in the right direction? I got the above example XML from
> Securing Web Services with WS-Security, Jothy Rosenberg book, listing 6.8.
> Please give me some direction on this
>

Where's the XML ?

--
Xavi Drudis Ferran
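
The distinction drawn in the reply above, as an added example that is not part of the original thread and is not OpenSAML code. It assumes JDK-only primitives (a raw RSA signature and RSA-OAEP/AES-GCM hybrid encryption) standing in for XML Signature and XML Encryption; the key pairs, class name and payload are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class SignVsEncrypt {
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair sender = kpg.generateKeyPair();     // the site issuing the assertion
        KeyPair recipient = kpg.generateKeyPair();  // the site the user is sent to
        // Constructed sample payload, not a schema-valid SAML assertion.
        String xml = "<Assertion><Issuer>https://idp.example.com</Issuer></Assertion>";
        byte[] assertion = xml.getBytes(StandardCharsets.UTF_8);

        // Signing uses the sender's PRIVATE key: it proves origin and integrity.
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(sender.getPrivate());
        signer.update(assertion);
        byte[] sig = signer.sign();

        // Anyone with the sender's PUBLIC key can verify, and the payload is still plaintext.
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(sender.getPublic());
        verifier.update(assertion);
        System.out.println("signature valid:     " + verifier.verify(sig));
        System.out.println("readable by anyone:  " + xml);
        // A payload that did not come from the sender fails verification.
        verifier.initVerify(sender.getPublic());
        verifier.update(xml.replace("idp.example.com", "other.example.net")
                .getBytes(StandardCharsets.UTF_8));
        System.out.println("altered copy valid:  " + verifier.verify(sig));

        // Encryption uses the RECIPIENT's public key: only its private key can read the data.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey cek = kg.generateKey();           // one-time content key
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, cek, new GCMParameterSpec(128, iv));
        byte[] ciphertext = aes.doFinal(assertion);
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.WRAP_MODE, recipient.getPublic());
        byte[] wrappedKey = rsa.wrap(cek);          // sent along with iv and ciphertext

        // Recipient side: unwrap the content key with its private key, then decrypt.
        rsa.init(Cipher.UNWRAP_MODE, recipient.getPrivate());
        Key k = rsa.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);
        aes.init(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(128, iv));
        System.out.println("recipient decrypted: " + new String(aes.doFinal(ciphertext), StandardCharsets.UTF_8));
    }
}
```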



