Report which assertion is signed and who signed it
21 May 2010
Extract from a comment in mod_mellon in auth_mellon_handler.c:936 :
/* TODO: lasso only verifies the signature on the first asserion * element. Therefore we can't trust any of following assertions. * If the Response-element is signed then we can trust all the * assertions, but we have no way to find what element is signed.
It would be useful to add a quark attachement to nodes giving their signature
validation status, mainly request/response messages and assertions.
Updated by Benjamin Dauvergne almost 13 years ago
- Tracker changed from Bug to Development
Updated by Benjamin Dauvergne over 12 years ago
- Category set to Core
- Target version changed from future to 2.4.0
Updated by Benjamin Dauvergne almost 11 years ago
- Assignee deleted (
Updated by Benjamin Dauvergne almost 8 years ago
- Target version changed from 2.4.0 to future