On 10/03/2012 04:56 PM, Sam Hartman wrote:
>>>>>> "Stephen" == Stephen Farrell <[email protected]> writes:
> 
> 
>     Stephen> 3) verify if present and fail transaction if not
>     Stephen> good-signature but handle transaction if no signature
>     Stephen> present as if a good signature was present
> 
>     Stephen> If so, yes that'd almost certainly be unreasonable.
> 
> Yes that is what I meant.
> 
> I've been interpreting your request in the ABFAB context as a request
> for exactly that.

It wasn't.

> If that isn't what you've been asking us to consider I'd like to
> understand better
> 
> 1) What you're asking for specifically

The justification for why it's safe to ignore a signature,
when one is present that could, in principle, be verified
and thus provide e2e integrity/origin-authentication for
the attributes extracted from the signed SAML assertion.

Stating that it's hard to get the right keys in the
right places explains your design choice but doesn't
communicate why that design is a safe one.

> 2) Why the departure from the standard RADIUS assumptions about
> integrity and authorization is justified.

I'm asking that you justify the departure from the
standard SAML assumptions about assertions that are
signed by an IdP.

S.


_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
