Subject: RE: XML Encryption Working Draft

> Hello, everyone. First, I'd like to say that I was very impressed with
> the progress we made at this week's F2F

I concur with the feeling of having reached a sort of breakthrough and in praise for Jeff and Bob.

> * Is it possible to revisit our requirements/non-goals at this
> late date? (Hmm, did I say "late"? B-)

Considering that the current proposals do not even cover signatures, which we surely want, I am in favor of adding encryption, assuming the XMLenc spec is relatively stable. There is a large risk that either SAML will be dismissed because it lacks this or that implementors will attempt to "roll their own."

> * Is XML Encryption appropriate for SAML? At what level
> (assertions, messages)?

Past discussions have included the idea of encrypting individual elements of assertions, however I suggest we could live with encrypting entire assertions in version 1, if it makes it easier (faster) to develop our spec. I guess if AuthZ Decision Assertions Requests contain much the same contents as the AD Assertions returned, then we will have to be able to encrypt them as well.

> * Is the bump in scope that this would entail worth the payoff
> in terms of a having a standard, protocol-independent
> confidentiality mechanism?

I vote yes.

> * Where would adaptation of XML-Enc to SAML fit into the spec?
> Core? Bindings? Another group?

I think it is clearly part of core. As you pointed out in your previous message, it goes across all bindings. Of course, a particular binding would have to specify whether and how to use it and security and privacy considerations will have to analyze the effects.

Hal