OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [security-services] Metadata errata items


> During last year's 4Q07 SAML 2.0 Liberty interop test, we ran into the
> question about the interpreting and use of EncryptionMethod. Within the
> group of participants, there was a disagreement on whether it indicates
that
> any listed encryption methods and transports algorithms are supported ON
TOP
> of those required in SAMLConf 4.2 or it indicates the implementation only
> supports those specifically called out in the EncryptionMethod element?

Metadata always lists what you support. There's nothing "implicit" anywhere
else in the spec. My confusion over the element definitely is *not* due to
that question.

> To your question, the Liberty interop is temporarily ignoring the
> EncryptionMethod element but waiting direction from SSTC for future
actions.

Since the element came from Liberty to begin with, there's nobody else to
get guidance from. If nobody knows how to use it, I would suggest we
deprecate it.

I was never comfortable with it in light of the fact that we don't do
anything with signing algorithms, TLS cipher suites, etc.

-- Scott




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]