Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In the verification process the following criteria of the XML signature are also considered. However, at the moment they are not considered to be fatal errors. errors (some items on this list will be moved to the table above when the eduGAIN SAML Profile v2 makes them mandatory).

  • The signature was made using an explicit ID reference, not an empty reference.

  • The signature reference refers to the document element (this helps to avoid "wrapping attacks").

  • The digest algorithm is at least as strong as SHA-256. Specifically, MD5 and SHA-1 are not permitted as digest algorithms.

  • The signature method is RSA with an associated digest at least as strong as SHA-256. Specifically, MD5 and SHA-1 are not permitted as digest algorithms.

  • The signature's transforms contain only permissible values:

    • Enveloped signature

    • Exclusive canonicalisation with or without comments

...