8. Verifying Assertions
Verification involves checking the digital signature of the assertion and validating its contents. The verifying UA MUST ensure that:
- The assertion is signed by a trusted IdP.
- The assertion is valid (not expired/revoked).
- The identity in the assertion corresponds to the expected domain.
- The fingerprint in the assertion matches the fingerprint of the remote peer's DTLS certificate.
Browser UI SHOULD indicate the status of identity verification to the user (e.g., "Verified call from [email protected]").
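The four checks listed above, as an added example that is not part of the original specification text. The assertion field names, the trusted-IdP list and the sample values are constructed assumptions. The signature check itself is assumed to be done by the caller against the IdP's key, and the SDP fingerprint is assumed to be the value the DTLS layer pins the peer certificate against.

```javascript
// Added illustration. Field names and sample values are constructed assumptions.
const TRUSTED_IDPS = new Set(["idp.example.org"]);

const SAMPLE_SDP = [
  "v=0",
  "a=fingerprint:sha-256 AB:CD:EF:01:23:45:67:89", // shortened, constructed digest
  "m=audio 9 UDP/TLS/RTP/SAVPF 111",
].join("\r\n");

const SAMPLE_ASSERTION = {
  idp: "idp.example.org",
  identity: "alice@example.org",
  notAfter: 1700003600, // expiry, seconds since epoch
  revoked: false,
  fingerprint: [{ algorithm: "sha-256", digest: "ab:cd:ef:01:23:45:67:89" }],
};

// Collect every a=fingerprint value offered in the remote SDP, normalised.
function sdpFingerprints(sdp) {
  const out = [];
  for (const line of sdp.split(/\r?\n/)) {
    const m = /^a=fingerprint:(\S+) ([0-9A-Fa-f:]+)\s*$/.exec(line);
    if (m) out.push(m[1].toLowerCase() + " " + m[2].toUpperCase());
  }
  return out;
}

// sigValid: result of checking the assertion signature against the IdP's key,
// supplied by the caller. Returns { ok, reason }; the first failed check wins.
function verifyAssertion(a, { sigValid, expectedDomain, remoteSdp, now }) {
  const fail = (reason) => ({ ok: false, reason });
  if (!TRUSTED_IDPS.has(a.idp)) return fail("untrusted IdP");
  if (sigValid !== true) return fail("bad signature");
  if (a.revoked || now >= a.notAfter) return fail("expired or revoked");
  const domain = a.identity.slice(a.identity.lastIndexOf("@") + 1).toLowerCase();
  if (!a.identity.includes("@") || domain !== expectedDomain.toLowerCase())
    return fail("domain mismatch");
  const asserted = new Set(
    a.fingerprint.map((f) => f.algorithm.toLowerCase() + " " + f.digest.toUpperCase()));
  const offered = sdpFingerprints(remoteSdp);
  // Fail closed: no fingerprint in the SDP, or any one not covered by the assertion.
  if (offered.length === 0 || !offered.every((f) => asserted.has(f)))
    return fail("fingerprint mismatch");
  return { ok: true, reason: "verified" };
}
```

Only a result with `ok: true` should drive a "verified" indication in the UI; any other `reason` means the identity must be treated as unverified.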