[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] XML Encryption guidance issue
Scott >Gary Ellison noted that usng an OOB symmetric key to encrypt the encryption keys used is likely to be >useful in such a case to make the process efficient. Right, this fits in with not mandating particular key management mechanisms. > >Super-encryption, which means encrypting content that includes > >encrypted content, is not specified in the SAML specifications, but > >this does not mean it couldn't occur in a SOAP messaging component of > >the system - but the SAML specifications are silent on the topic and I > >believe this is appropriate. >Well, it could happen with SAML quite easily such as an encrypted assertion that contains an >EncryptedID or EncryptedAttribute. The question is, do we need to say anything about it? I'm not sure >why encrypting an element that happens to have stuff from the XMLEnc spec in it is different from any >other element. I don't think much need be said in this case. Regards, Frederick Frederick Hirsch Nokia
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]