Development #49
Report which assertion is signed and who signed it
Start date:
21 May 2010
Due date:
% Done:
0%
Estimated time:
20:00 h
Patch proposed:
Planning:
Description
Extract from a comment in mod_mellon in auth_mellon_handler.c:936 :
«
/* TODO: lasso only verifies the signature on the first asserion
* element. Therefore we can't trust any of following assertions.
* If the Response-element is signed then we can trust all the
* assertions, but we have no way to find what element is signed.
*/
»
It would be useful to add a quark attachement to nodes giving their signature
validation status, mainly request/response messages and assertions.
History
Updated by Benjamin Dauvergne about 14 years ago
- Category set to Core
- Target version changed from future to 2.4.0