OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] Proposed change to POST-SimpleSign bindingdraft 02

Scott Cantor wrote:
 >
 > But if you had a signed Response (signed as XML I mean), you should be
 > legally able to send it via the POST-SimpleSign binding as long as you also
 > include the simplified Signature as well.

agreed.


 > The upshot is that there's just a single change to the last draft, making it
 > legal to leave the original XML Signature in place

yes, more or less. we might then want to incorporate more of the original POST 
binding's security considerations wrt protocol msg being signed, or point to 
the orig binding for that info (its not that long, i'm leaning towards 
including it).


JeffH

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]