OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Attribute Sharing Profile

I would suggest that the Assertion MUST be signed, and the Response MAY be signed. This is more in line with the SAML 2.0 main specifications.

::Ari

> 
> [section 4] Evidently, both the <Response> and the <Assertion> MUST be
> signed (lines 194--195 and lines 250--251, resp.).  Is this really
> necessary?  I suggest the <Assertion> MAY be signed if the situation
> warrants.
> 

---------------------
Ari Kermaier
Oracle Corporation

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]