- From: Scott Cantor <cantor.2@osu.edu>
- Date: Mon, 19 Apr 2010 13:09:46 -0400
- To: "'Meiko Jensen'" <Meiko.Jensen@ruhr-uni-bochum.de>, "'Pratik Datta'" <pratik.datta@oracle.com>
- Cc: "'XMLSec WG Public List'" <public-xmlsec@w3.org>
> The troubles start when the signed contents start before you've read the > SignedInfo (as e.g. in SAML tokens, since they use enveloped signatures). Yes, but this creates a chicken/egg scenario with the specification (of SAML in this example), and it's not at all a given that if you were going to "solve" this by altering the signature profile or creating a new one that you wouldn't solve it by punting on XML Signature altogether and just use a "sign the blob" approach as an enveloping signature. -- Scott
Received on Monday, 19 April 2010 17:10:20 UTC