saml-dev message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: using HMAC-SHA1 as for SSO (SAML)
- From: swu@axolotl.com
- To: saml-dev@lists.oasis-open.org <saml-dev@lists.oasis-open.org>
- Date: Thu, 8 Mar 2012 17:28:42 -0800
Hello all,
We have a customer who wants to use
HMAC-SHA1 (with a shared symmetric key) as digital signature vs our standard
RSA-SHA1, we are trying to see if SAML spec allows it.
Obviously HMAC-SHA1 is faster but since
I am not a crypto person, it is hard for me to tell the customer if there
is any security vulnerability at the crypto level. We know it provide
integrity, some level of authentication, can it provide non reputation
for auditing purpose ?
I see a draft of SAML using HMAC-SHA1,
does it mean HMAC-SHA1 will be supported ? Thanks
www.oasis-open.org/committees/wss/documents/WSS-SAML-06.doc
Please advise, thank you so very much
!!!!
Stephen
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]