security-services message



Subject: RE: [security-services] Re: [wss] Canonicalization


I don't think SAML 'requires' the original C14N, it simply states that that
is the mechanism that MUST be supported, you can use anything but you have
to accept original. At the time we wrote that bit exclusive was not a
standard but everyone agreed that it was likely to be what people wanted to
use.

I think that we should go with exclusive for WSS as a strong recommendation
but not a MUST.

I think at this stage we should go with what is the best solution rather
than attempt consistency at that level.

We are doing infrastructure, not applications. Only applications
interoperate. What we should do at the infrastructure level is to state what
the options are that applications can use. We should not attempt to bind
applications unless there is an actual requirement to do so - and no, testing
does not count.

I think that in the case of WSS there is a reason to choose a c14n alg that
has the exclusive property. But I don't think we should be messing around
with MUSTs here. Let the application make its choice. They might want to use
schema centric or packed c14N or something else...

That way we don't have to reopen old working groups just to change cipher
suites.


		Phill


> -----Original Message-----
> From: Rich Salz [mailto:rsalz@datapower.com]
> Sent: Tuesday, October 15, 2002 10:51 AM
> To: Flinn, Don
> Cc: wss@lists.oasis-open.org; security-services@lists.oasis-open.org
> Subject: [security-services] Re: [wss] Canonicalization
> 
> 
> Hm..   Is this an accurate summary?
> 
> If the data being signed is going to be enclosed in another envelope, such
> as SOAP, then XML Exclusive C14N should be used.  We should encourage SAML
> to use XML EXCL C14N.
> 	/r$
> 
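The point in the quoted summary, that data signed and then enclosed in another envelope such as SOAP calls for Exclusive C14N, can be seen in the sketch below. It is an added illustration, not part of either message and not a conforming C14N implementation: it models only how each method renders prefixed namespace declarations on a signed subtree, and the namespace URNs, element content and function names are constructed for the example.

```python
import hashlib
from xml.dom import minidom

# Constructed sample data: namespace URNs and content are placeholders.
ASSERTION = ('<saml:Assertion xmlns:saml="urn:example:saml" ID="a1">'
             '<saml:Subject>alice</saml:Subject></saml:Assertion>')
ENVELOPE = ('<soap:Envelope xmlns:soap="urn:example:soap" '
            'xmlns:wsse="urn:example:wsse"><soap:Body>'
            + ASSERTION + '</soap:Body></soap:Envelope>')

def in_scope_ns(el):
    """xmlns:* declarations visible at el; the nearest declaration wins."""
    scope = {}
    while el is not None and el.nodeType == el.ELEMENT_NODE:
        for name, value in el.attributes.items():
            if name.startswith("xmlns:"):
                scope.setdefault(name, value)
        el = el.parentNode
    return scope

def serialize(el, mode, rendered=None):
    """Simplified canonical form of el (prefixed namespaces only, no escaping)."""
    rendered = rendered or {}
    attrs = {k: v for k, v in el.attributes.items() if not k.startswith("xmlns")}
    scope = in_scope_ns(el)  # inclusive: everything inherited from ancestors
    if mode == "exclusive":
        # Keep only prefixes visibly used by this element or its attributes.
        used = {el.prefix} | {k.split(":")[0] for k in attrs if ":" in k}
        scope = {k: v for k, v in scope.items() if k[len("xmlns:"):] in used}
    new = {k: v for k, v in scope.items() if rendered.get(k) != v}
    out = "<" + el.tagName
    for k, v in sorted(new.items()) + sorted(attrs.items()):
        out += ' %s="%s"' % (k, v)
    out += ">"
    for child in el.childNodes:
        if child.nodeType == child.ELEMENT_NODE:
            out += serialize(child, mode, {**rendered, **new})
        elif child.nodeType == child.TEXT_NODE:
            out += child.data
    return out + "</" + el.tagName + ">"

def canonical_assertion(xml, mode):
    doc = minidom.parseString(xml)
    return serialize(doc.getElementsByTagName("saml:Assertion")[0], mode)

def digest(xml, mode):
    return hashlib.sha256(canonical_assertion(xml, mode).encode()).hexdigest()

if __name__ == "__main__":
    for mode in ("inclusive", "exclusive"):
        print(mode, digest(ASSERTION, mode) == digest(ENVELOPE, mode))
```

In inclusive mode the wrapper's `xmlns:soap` and `xmlns:wsse` declarations are pulled into the canonical form of the assertion, so a digest computed before wrapping no longer matches after wrapping; in exclusive mode the canonical form is unchanged.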

