
saml-dev message



Subject: signing and encryption requirements in metadata


SAML V2.0 metadata offers the following three attributes:

IDPSSODescriptor/@WantAuthnRequestsSigned
SPSSODescriptor/@AuthnRequestsSigned
SPSSODescriptor/@WantAssertionsSigned

Along these lines, the following might be useful:

IDPSSODescriptor/@WantQueriesSigned
AttributeAuthorityDescriptor/@WantQueriesSigned
PDPDescriptor/@WantQueriesSigned

Is there some reason these were omitted, or is it simply a matter of
supporting the most commonly used profile (i.e., SSO)?

Also, wouldn't it be useful if encryption requirements could be called
out at the SP?

SPSSODescriptor/@WantAssertionsEncrypted
AttributeConsumingService/@WantAttributesEncrypted

Was this ever discussed as the metadata spec was being developed?

Thanks,
Tom
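
An added example, not part of the original message: a Python sketch that reads the three existing attributes listed above out of SAML V2.0 metadata and reports the effective value for each role, treating an absent attribute as false (the default the metadata specification assigns to them). The function names `xs_boolean` and `signing_flags` and the sample entities are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"

# (role element, attribute) pairs named in the message above.
FLAGS = [
    ("IDPSSODescriptor", "WantAuthnRequestsSigned"),
    ("SPSSODescriptor", "AuthnRequestsSigned"),
    ("SPSSODescriptor", "WantAssertionsSigned"),
]

def xs_boolean(raw):
    """Parse an xs:boolean lexical value; reject anything else."""
    value = raw.strip()
    if value in ("true", "1"):
        return True
    if value in ("false", "0"):
        return False
    raise ValueError(f"not an xs:boolean: {raw!r}")

def signing_flags(metadata_xml):
    """Return {entityID: {"Role/@Attr": bool}} for each role present."""
    # Metadata from an untrusted source should have its signature verified
    # and be parsed with a hardened XML parser before reaching this point.
    root = ET.fromstring(metadata_xml)
    report = {}
    # iter() also matches the root, so a bare EntityDescriptor works too.
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        flags = {}
        for role, attr in FLAGS:
            for desc in entity.findall(f"{{{MD}}}{role}"):
                # Absent attribute: the specification's default is false.
                flags[f"{role}/@{attr}"] = xs_boolean(desc.get(attr, "false"))
        report[entity.get("entityID")] = flags
    return report

# Constructed sample metadata (not taken from any real deployment).
SAMPLE = """
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:EntityDescriptor entityID="https://idp.example.org/idp">
    <md:IDPSSODescriptor WantAuthnRequestsSigned="1"
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/sp">
    <md:SPSSODescriptor WantAssertionsSigned="true"
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""
```

Calling `signing_flags(SAMPLE)` shows the SP entry with `AuthnRequestsSigned` reported as false even though the attribute never appears in the document.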

