Should signed assertions be "MUST"?
In 4.3. verified_claims Delivery:
"Claims sources SHOULD sign the assertions containing verified_claims in order to protect integrity and authenticity."
On the other hand, 10. Security Considerations section states that:
The integrity and authenticity of the issued assertions MUST be ensured in order to prevent identity spoofing. The Claims source MUST therefore cryptographically sign all assertions.
I'm not sure if this should be MUST, as there may be a use case where the RP and IdP mutually trust each other and there is no need to technologically assure the integrity of the Claims.
Comments (4)

- Suggest change sentence in 4.3 to something like … "Claims sources SHOULD sign the assertions containing verified_claims in order to demonstrate authenticity and provide for non-repudiation." Suggest removal of "The Claims source MUST therefore cryptographically sign all assertions." from section 10.

- reporter: The latter suggestion has been treated in PR39

- reporter changed status to resolved
  Resolving Issue #1212 Should signed assertions be "MUST"? → <<cset 2e9996eb0967>>

- Merged in signed_assertion_is_not_must (pull request #46)
  Resolving Issue #1212 Should signed assertions be "MUST"?
  Approved-by: Torsten Lodderstedt torsten@lodderstedt.net
  Approved-by: Joseph Heenan joseph@authlete.com
  → <<cset 49439e8cd33d>>