Subject: Re: [imi] Question regarding encryption
Mario,

If an auditing mode card is not used, there is no audience restriction in the SAML token.

The response is encrypted to the selector and then the selector encrypts it to the RP.

In both cases the RP receives a token encrypted with its public key.

If the RP is not SSL the token is not encrypted to the RP in either case.

Auditing or not is largely (read the spec for auditing optional) controlled by the issuer, and is part of the card meta-data.

A user has control by selecting an auditing card or a non-auditing card. However the selectors don't show the user what sort of card it is. They could do it, but the current ones don't to my knowledge.

In principle, if a user doesn't want an IdP to know where they are using the card, they should use a p-card or choose an issuer they trust.

John B.

On 2009-12-07, at 7:28 AM, Mario Ivkovic wrote:

> Hi all,
>
> I've a question regarding encryption and privacy. Maybe this has already been discussed and I missed it.
>
> A security token issued by an IdP is - if the IdP knows the certificate of the RP - encrypted with the RP's public key.
>
> But if for some reason the user doesn't want the IdP to know the RP but still wants encryption, this cannot be done. Is it possible to encrypt the token with a public key belonging to the user (card selector)? The user then decrypts the token, verifies it, and then encrypts it again with the RP's public key.
>
> Kind regards,
>
> Mario
>
> --
>
> DI Mario Ivkovic
> A-SIT, Secure Information Technology Center - Austria
> Inffeldgasse 16a, A-8010 Graz, Austria
> Tel.: +43 (316) 873-5528 Fax.: +43 (316) 873-105521
> Mario.Ivkovic@a-sit.at
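Added example, not from this thread and not code from any card selector: a Go model of the two flows John describes. RSA-OAEP keys stand in for the selector's and the RP's certificates, a nil RP key models the "RP is not SSL" case, and a one-line assertion string stands in for a real SAML token; all names and values are constructed.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// sealTo encrypts the token to one recipient with RSA-OAEP (the recipient's key
// stands in for its certificate). With no key the token is handed over in the
// clear, which is what a non-SSL RP receives in either mode.
func sealTo(to *rsa.PrivateKey, token string) ([]byte, bool) {
	if to == nil {
		return []byte(token), false
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &to.PublicKey, []byte(token), nil)
	if err != nil {
		panic(err)
	}
	return ct, true
}

// unseal is the matching RSA-OAEP decryption by the key holder.
func unseal(with *rsa.PrivateKey, blob []byte) string {
	if with == nil {
		return string(blob)
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, with, blob, nil)
	if err != nil {
		panic(err)
	}
	return string(pt)
}

// Run walks one constructed assertion IdP -> selector -> RP. Auditing mode: the
// IdP knows the RP, adds an Audience and encrypts straight to it. Non-auditing:
// no Audience; the IdP encrypts to the selector, which decrypts and re-encrypts
// to the RP. Returns the token as the RP reads it and whether its hop was sealed.
func Run(auditing, rpIsSSL bool) (tokenAtRP string, lastHopSealed bool) {
	selKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	var rpKey *rsa.PrivateKey // nil: the RP has no certificate to encrypt to
	if rpIsSSL {
		rpKey, _ = rsa.GenerateKey(rand.Reader, 2048)
	}
	tok := `<Assertion Issuer="idp.example" Subject="alice"`
	var blob []byte
	if auditing {
		blob, lastHopSealed = sealTo(rpKey, tok+` Audience="https://rp.example"/>`)
	} else {
		blob, _ = sealTo(selKey, tok+"/>")                         // hop 1: IdP -> selector
		blob, lastHopSealed = sealTo(rpKey, unseal(selKey, blob)) // hop 2: selector -> RP
	}
	return unseal(rpKey, blob), lastHopSealed
}
```

Run(false, true) shows the RP receiving a sealed token that carries no Audience, Run(true, true) the same token with the Audience the IdP could only add because it learned the RP, and Run(false, false) the cleartext delivery John warns about for a non-SSL RP.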