In this case I think you should send a response rather than an encrypted assertion.

"Cantoris Scott" <[email protected]> wrote:
>On 7/10/13 6:33 PM, "Sam Hartman" <[email protected]> wrote:
>>
>>seems to me that if you have a way of getting a credible key for the SP,
>>then it's fine to use it.
>>
>>If you encrypt in a key that the other party doesn't know, interop may
>>be impacted. This is probably unsurprising:-)
>
>I have no issue with allowing it, I just wanted to note it as another case
>where the object "at hand" might not be <saml:Assertion>. I also don't
>know if it warrants defining a different RADIUS attribute to carry it.
>
>-- Scott

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
