
security-services-comment message



Subject: Re: [security-services-comment] Additional certficate information


Tom Scavo wrote:
> Peter, when you refer to a draft, please specify the draft number (or
> the document id) and the document type (PDF or whatever).  There are
> many drafts of the HoK Web Browser SSO Profile.
>   
Oops,

sstc-saml-holder-of-key-browser-sso-draft-09.pdf
sstc-saml2-holder-of-key-draft-06.pdf

> Thanks in advance for your comments,
> Tom
>
> On Fri, Nov 21, 2008 at 8:58 AM, Peter Sylvester
> <Peter.Sylvester@edelweb.fr> wrote:
>   
>> As a follow up to my comments during the last days and this morning.
>>
>> 1:
>> Line 424 of the browser-sso-draft says:
>>
>> 'Other certificate information MAY be included in additional child elements
>> of the <ds:X509Data>
>>
>> The restrictions of holder-of-key concerning the choice that can be selected
>> in the X509DataType don't seem to prohibit adding arbitrary elements of the
>> <any> choice.
>>
>> If my reading is correct, one can include for example the XER encoding of a
>> certificate at that place, simplifying the parsing of the certificate.
>> Or a sequence of SAML attributes.
>>
>> 2:
>> Lines 447ff permit using other information from the certificate for whatever
>> other purpose.
>> This can obviously be done by decoding the certificate, but IMO it is not
>> prohibited to have additional elements in the X509Data prepared by the ID provider.
>>
>> 3:
>> What is the reason for disallowing X509CRL? (Not that I want them.)
>>
>>
>> TIA for any additional response.
>> Peter
>>
>
>   


-- 

<http://www.edelweb.fr>
*Edel/W/eb* 	Peter SYLVESTER
Information Systems Security Consultant
-----------------------------------------------------------
EdelWeb - Groupe ON-X
15, quai de Dion-Bouton
F-92816 Puteaux Cedex
Tel : +33.1.40.99.14.14 / Fax : +33.1.40.99.99.58
www.edelweb.fr <http://www.edelweb.fr> / www.on-x.com <http://www.on-x.com>
-----------------------------------------------------------
To verify the message signature, see edelpki.edelweb.fr 
<http://edelpki.edelweb.fr/>
This lets you load the root authority's certificate 
<http://edelpki.edelweb.fr/cacerts/EdelPKI-ca.der>;
you will also find the list of revoked certificates there.


S/MIME Cryptographic Signature
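
The point raised in the message above, as an added example that is not part of the original e-mail or of the SAML drafts: a relying-party-side check that sorts the children of a `<ds:X509Data>` element into those named by the XML-DSig X509DataType, the X509CRL child the message says is disallowed, and other-namespace elements admitted by the schema's `<any>` wildcard. The sample XML, the `urn:example:cert-info` namespace, the `CertAttribute` element and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser such as defusedxml

DS = "http://www.w3.org/2000/09/xmldsig#"
# Children that XML-DSig's X509DataType names explicitly.
DS_CHILDREN = {"X509IssuerSerial", "X509SKI", "X509SubjectName",
               "X509Certificate", "X509CRL"}
# The quoted message asks why the profile disallows X509CRL, so it is flagged here.
DISALLOWED = {"X509CRL"}

# Constructed sample: element bodies are placeholders, urn:example:cert-info is hypothetical.
SAMPLE = """\
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
            xmlns:ex="urn:example:cert-info">
  <ds:X509Data>
    <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
    <ds:X509SubjectName>CN=constructed-user</ds:X509SubjectName>
    <ds:X509CRL>PLACEHOLDER</ds:X509CRL>
    <ex:CertAttribute Name="mail">user@example.org</ex:CertAttribute>
  </ds:X509Data>
</ds:KeyInfo>
"""

def split_qname(tag):
    """Split ElementTree's '{namespace}local' tag into (namespace, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag

def classify_x509data(xml_text):
    """Sort each ds:X509Data child into defined / disallowed / extension / invalid."""
    root = ET.fromstring(xml_text)
    report = {"defined": [], "disallowed": [], "extension": [], "invalid": []}
    for x509data in root.iter(f"{{{DS}}}X509Data"):
        for child in x509data:
            ns, local = split_qname(child.tag)
            if ns == DS and local in DISALLOWED:
                report["disallowed"].append(local)
            elif ns == DS and local in DS_CHILDREN:
                report["defined"].append(local)
            elif ns and ns != DS:
                # Matches the schema's <any namespace="##other"> wildcard.
                report["extension"].append(f"{{{ns}}}{local}")
            else:
                # Unknown ds: name or unqualified element: not schema-valid.
                report["invalid"].append(child.tag)
    return report

if __name__ == "__main__":
    for kind, names in classify_x509data(SAMPLE).items():
        print(f"{kind:10} {names}")
```
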


