[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] SAML2 Holder-of-Key Assertion Profile
> I agree this is one of two open issues (the other is conformance). If > a key-based processing model doesn't otherwise detract from a PKI (if > one happens to exist), I could support it. I'm not yet convinced > that's the case, however, which is why I proposed a natural processing > model based on the particular X.509 data item bound to the assertion. I think the primary benchmarks should be security and simplicity. I also think that adding processing rules that increase the chances of failure without adding any security are a bad idea. That's been my experience with PKI. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]