OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [security-services] [sec cons] notes on possibly relevant threads

I have been keeping some informal notes on discussion threads on the lists
that're relevant wrt security considerations. I'd mentioned to Chris that I'd
pass 'em along as part of his taking on the sec cons work, so here they are.
these were meant to be used by myself, so they're admittedly cryptic, and (NOTE)
don't encompass discussions that've happened since late Aug, and might not be
complete or particularly relevant any longer (i.e. superseded). Your mileage may
vary, etc. 

The threads are identified by subject line patterns I use to search my
repository of security-*@oasis* msgs. Most threads are on the security-services
list, but some might be on -bindings or -consider (I sort 'em all into one
place, so I don't worry too much about which list). Some specific threads that I
was looking at while putting draft-sstc-sec-consider-00 together have dates
noted so I could be sure to ident the precise msg. Also, these notes aren't in
any particular order.

I suppose that at a minimum, going thru these threads is an act of due-diligence
-- ensuring that all security-relevant notions that've been brought up in our
discussions are duly noted in the security considerations doc/sections-of-docs.

Again, our milage may vary, this isn't a complete list, portions may/are
superseded, etc. 

thanks,

JeffH
------

 subject: *xml security gap*                       <-- sec consider & xmldsig
 subject: *digital signing in saml*                <--
 subject: Note on digital signing in saml*         <-- 


 subject: *encryp*
 subject: Defective sign & encrypt vis-a-vis SAML? <-- sec consider


 subject: *browser*                               <-- sec consider
 subject: Comparison of the two web browser discussions

 to: bindings                               <--  sec consider
 subject: *minut*                           <-- (at least one of the 
                                                 minutes of the bindings 
                                                 group had some sec cons
                                                 discussions)


 subject: *artifact*                              <--
 subject: *shibb artifact*                        <-- explicit sec cons
	Mon, 13 Aug 2001 15:07:47 -0400  mishra

 subject: *sec-consider-00*                       <-- explicit sec cons
	Tue, 14 Aug 2001 09:32:51 -0400  moses

 subject: *one time use saml artifact*            <-- explicit sec cons
	Wed, 15 Aug 2001 10:14:25 -0400  mishra

                                                  <-- expl. Priv Cons
 Subject: *InterCall Confirmation of Conference Call Reservation *
         Wed, 15 Aug 2001 18:17:43 -0400

 section 4.1.5 of bindings-model-05               <-- explicit sec cons


 subject: *holderofkey*                          <--- sec cons?

 subject: First Contact                           <-- sec consider
 subject: RE: Consensus Draft schema and discussion papers (moses)
 subject: Update: Contributed doc. browser bindings incl. Shibboleth

 subject: protocol bindings                       <-- sec consider
 from: godik

------
end

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC