[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Secure XRD Proposals
Hi I have created a page: http://wiki.oasis-open.org/xri/XrdOne/SecureXrd It is the result of some private message exchange among me, Brian and John. If we were to forget about the backward comaptibility to XRDS2.0, I personally like 1.2 SAML POST Simple Sign Binding style. Otherwise, I like 1.3 Backword Comaptible XRD. Related, but separet topic beside the format is whether to include SigAlg in a signed material. XML Sig calls for SigAlg to be included in the signed material citing weak algorithm attack. Then, there is an argument that while theoretically interesting, the real risk is very small. Please discuss on this as well. Actually, if we take 1.2 SAML Simple Sign Style, we can get SigAlg outside of XRD and still sign it, so it is quite nice.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]