fehlmach closed 6 years ago
Proposed solution: connection initiators and responders always send capabilities on connection, server-ness is a mandatory capability.
Alternate proposed solution: "I don't need a signature, please verify assertion for me" is a query option which only clients send.
"Servers only process query and notification sections when connected to clients; a client sending assertions to a server results in a 400 Bad Message notification."
How does a server know if a connection is initiated by a client or by a server? If it cannot distinguish the two, it also cannot act accordingly.