Project

General

Profile

Development #49

Report which assertion is signed and who signed it

Added by Benjamin Dauvergne about 9 years ago. Updated almost 4 years ago.

Status:
Nouveau
Priority:
Normal
Assignee:
-
Category:
Core
Target version:
Start date:
21 May 2010
Due date:
% Done:

0%

Estimated time:
20.00 h
Patch proposed:
Planning:
No

Description

Extract from a comment in mod_mellon in auth_mellon_handler.c:936 :
«
/* TODO: lasso only verifies the signature on the first asserion * element. Therefore we can't trust any of following assertions. * If the Response-element is signed then we can trust all the * assertions, but we have no way to find what element is signed.
*/
»

It would be useful to add a quark attachement to nodes giving their signature
validation status, mainly request/response messages and assertions.

History

#1 Updated by Benjamin Dauvergne about 9 years ago

  • Tracker changed from Bug to Development

#2 Updated by Benjamin Dauvergne almost 9 years ago

  • Target version changed from future to 2.4.0
  • Category set to Core

#3 Updated by Benjamin Dauvergne almost 7 years ago

  • Assignee deleted (Benjamin Dauvergne)

#4 Updated by Benjamin Dauvergne almost 4 years ago

  • Target version changed from 2.4.0 to future

Also available in: Atom PDF