|
|
|
|
|
|
by paulddraper
621 days ago
|
|
|
> If you want even the most basic type checking, XML schema becomes mandatory. This is important, since JSON doesn't need a schema for handling basic types Huh? > the main problem with SAML is that it relies on XML Signatures (XMLDSig). And the main problem with XML Signatures is that the signature needs to be embedded inside the XML it's signing, instead of being attached to it, like every other signature standard on the planet. You are correct that is the hardest part of SAML, but to be clear, there's a SignatureValue element that is separate from SignedInfo. And you can use a library to sign. I don't see many implementing their own JWT signatures either. |
|
|