cxf-users mailing list archives

From Christian Metzler <Christian.Metz...@abas.de>
Subject Re: SAML2 RACS for signed responses
Date Wed, 27 Nov 2013 10:45:14 GMT
Hi Sergey, hi Colm,

On 27.11.2013 11:31, Sergey Beryozkin wrote:
> I can see that it is a bearer assertion, which is where KeyInfo is
> optional, right?
That's not what I understand when reading the SAML2 Specification:

http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf

Page 70, Section 5.4.5 KeyInfo

XML Signature defines usage of the <ds:KeyInfo> element. SAML does not
require the use of <ds:KeyInfo>, nor does it impose any restrictions on
its use. Therefore, <ds:KeyInfo> MAY be absent.

So IMHO the KeyInfo is completely optional.

Regards,

Christian

-- 
***********************************************************************
Christian Metzler * Software Developer
ABAS Software AG * Südendstraße 42 * 76135 Karlsruhe * GERMANY
Phone: +49(0)721-96723-0 * Fax: +49(0)721-96723-100
http://www.abas-software.com * http://www.abas.de
Board of Directors / Vorstand: Werner Strub, Jürgen Nöding
Chairman Board of Directors / Vorstandsvorsitzender: Werner Strub
Chairman Supervisory Board / Aufsichtsratsvorsitzender: Udo Stößer
Registered Office / Sitz der Gesellschaft: Karlsruhe
Commercial Register / Handelsregister:  HRB 107644 Amtsgericht Mannheim
***********************************************************************
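
Added example, not part of the original message and not CXF code: a sketch of how a relying party can choose the verification key when <ds:KeyInfo> may be absent, as the spec text quoted above allows. It only decides which key to use and does not verify the signature itself; the pinned certificate bytes, the sample XML and all function names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed stand-in for the IdP certificate configured out of band (not a real cert).
PINNED_CERT_DER = b"constructed-idp-certificate"
PINNED_SHA256 = hashlib.sha256(PINNED_CERT_DER).hexdigest()

def key_source(signature):
    """Return 'pinned' or 'reject' for one ds:Signature element."""
    cert = signature.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if cert is None or not (cert.text or "").strip():
        # KeyInfo MAY be absent (or carry no certificate): use the configured key.
        return "pinned"
    try:
        der = base64.b64decode("".join(cert.text.split()), validate=True)
    except ValueError:
        return "reject"
    # An embedded certificate is only a hint; it must equal the configured one.
    return "pinned" if hashlib.sha256(der).hexdigest() == PINNED_SHA256 else "reject"

def verification_plan(xml_text):
    """List (signed element, key decision) for each element with a ds:Signature child."""
    plan = []
    # Constructed input only; untrusted XML should go through a hardened parser.
    for element in ET.fromstring(xml_text).iter():
        signature = element.find("ds:Signature", NS)
        if signature is not None:
            plan.append((element.tag.rsplit("}", 1)[-1], key_source(signature)))
    return plan

def key_info_for(der):
    """Constructed ds:KeyInfo fragment wrapping the given bytes as a certificate."""
    b64 = base64.b64encode(der).decode()
    return ("<ds:KeyInfo><ds:X509Data><ds:X509Certificate>" + b64 +
            "</ds:X509Certificate></ds:X509Data></ds:KeyInfo>")

def sample_response(assertion_key_info=""):
    """Constructed skeleton: signed Response without KeyInfo, signed Assertion."""
    sig = "<ds:Signature><ds:SignedInfo/><ds:SignatureValue/>%s</ds:Signature>"
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
            'xmlns:ds="http://www.w3.org/2000/09/xmldsig#">' + sig % "" +
            "<saml:Assertion>" + sig % assertion_key_info +
            "</saml:Assertion></samlp:Response>")

if __name__ == "__main__":
    print(verification_plan(sample_response()))
    print(verification_plan(sample_response(key_info_for(b"some-other-certificate"))))
```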

