OASIS Mailing List Archives


security-services message


Subject: RE: Minutes of 15 May 2001 Security Services TC/Focus telecon


FYI, Robert Griffen has already cleared up this issue - no need to respond
to my previous email.

Just wanted to share another tidbit - we already have a non-goal:

"SAML does not define a data format for encrypting assertions or messages
independent of binding protocol. However, this non-goal will be revisited in
a future version of the SAML spec after XML Encryption is published. "

So I think we're going to end up being pretty explicit in this area :~).

Regards,

Darren



> -----Original Message-----
> From: Platt, Darren [mailto:dplatt@securant.com]
> Sent: Friday, May 18, 2001 12:48 PM
> To: 'Eve L. Maler'; security-services@lists.oasis-open.org
> Subject: RE: Minutes of 15 May 2001 Security Services TC/Focus telecon
> 
> 
> I would like to include such a requirement, but we already have these ...
> 
> · [R-Signature] SAML assertions and messages should be authenticatable.
> · [R-Confidentiality] SAML data should be protected from observation by
>   third parties or untrusted intermediaries.
> · [R-BindingConfidentiality] Bindings SHOULD (in the RFC sense) provide a
>   means to protect SAML data from observation by third parties. Each
>   protocol binding must include a description of how applications can make
>   use of this protection. Examples: S/MIME for MIME, HTTP/S for HTTP.
> 
> ... and I'm not sure how a new one would fit in.  I think we might be
> covered already by [R-Confidentiality]. We went over this issue a few times
> in the requirements working group, and this is the best text we could come
> up with.  Would someone like to propose something else?  Perhaps the person
> from the call who had the issue (I don't know who that is)?
> 
> Thanks,
> 
> Darren
> 
> 
> 
> 
> > -----Original Message-----
> > From: Eve L. Maler [mailto:eve.maler@east.sun.com]
> > Sent: Friday, May 18, 2001 11:59 AM
> > To: security-services@lists.oasis-open.org
> > Subject: RE: Minutes of 15 May 2001 Security Services TC/Focus telecon
> > 
> > 
> > At 10:56 AM 5/18/01 -0700, Platt, Darren wrote:
> > >I have an action in here that I don't understand - I can't find what it
> > >refers to in my notes.  Does anybody know what requirement this refers to:
> > >
> > > > NEW ACTION: Darren to add this requirement to requirements doc.
> > 
> > Sorry!  Those pesky indexicals again. :-)  I pulled all the actions out of
> > the main text.  I think this was referring to the signature/encryption
> > optionality.
> > 
> >          Eve
> > --
> > Eve Maler                                             +1 781 442 3190
> > Sun Microsystems XML Technology Development  eve.maler @ east.sun.com
> > 
> > 
> > ------------------------------------------------------------------
> > To unsubscribe from this elist send a message with the single word
> > "unsubscribe" in the body to: 
> > security-services-request@lists.oasis-open.org
> > 