

Subject: Re: [security-services] Does encryption need to be called out as MTI?


Prateek,

I strongly concur with this.  This text would allow me to answer "yes"
to the action item assigned under my name re: comments on the
conformance doc.



 ~ Rick Randall
   Booz Allen Hamilton


"Mishra, Prateek" wrote:
> 
> Three generic encrypted elements are found within the SAML 2.0 CD.
> 
> 1) <saml:EncryptedID>
> 2) <saml:EncryptedAssertion>
> 3) <saml:EncryptedAttribute>
> 
> I am omitting those elements/attributes that are specific to particular
> protocols (e.g., Name Identifier mapping).
> 
> It is not always clear to me (perhaps with the exception of
> <saml:EncryptedID>) when conformant implementations should be ready to
> create or consume these encrypted elements. I would propose the following
> text to be added to the conformance document:
> 
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 
> Conformant implementations MUST be able to process or generate the following
> encrypted elements: 1) <saml:EncryptedID>, 2) <saml:EncryptedAssertion>,
> 3) <saml:EncryptedAttribute> in any context where they are required to
> process or generate the corresponding unencrypted elements 1) <saml:NameID>,
> 2) <saml:Assertion>, 3) <saml:Attribute>.
> 