Thank you for the information. It helps. Thanks Tsun
On Tue, Apr 22, 2014 at 8:32 AM, Cantor, Scott <[email protected]> wrote: > On 4/22/14, 5:08 AM, "David Yu" <[email protected]> wrote: > > >Does Santuario check if the certificate is signed by CA before verifying > >XML signature? > > Not generally. > > >If I use the X509Data(if it is self-signed) from XML to verify the > >signature, how do I ensure the XML is sent from the trusted party? > > By implementing a trust management strategy that fits your scenarios, for > example [1]. > > Every problem domain is different, but in general if you're tempted to > just do some hand waving with "a trusted CA", you're oversimplifying the > problem. > > -- Scott > > [1] https://wiki.shibboleth.net/confluence/display/SHIB2/TrustManagement > > >
