Development #49
Report which assertion is signed and who signed it
Début:
21 mai 2010
Echéance:
% réalisé:
0%
Temps estimé:
20:00 h
Patch proposed:
Planning:
Description
Extract from a comment in mod_mellon in auth_mellon_handler.c:936 :
«
/* TODO: lasso only verifies the signature on the first asserion
* element. Therefore we can't trust any of following assertions.
* If the Response-element is signed then we can trust all the
* assertions, but we have no way to find what element is signed.
*/
»
It would be useful to add a quark attachement to nodes giving their signature
validation status, mainly request/response messages and assertions.
Historique
Mis à jour par Benjamin Dauvergne il y a plus de 13 ans
- Catégorie mis à Core
- Version cible changé de future à 2.4.0