[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: FW: SAML and EBMS 3.0 [SEC=UNCLASSIFIED]
Hi All, Received the following from one of my colleagues in the Australian Government. I am assuming that dual signing is neither desirable nor intended.
Is this something we can discuss and clarify? Regards, Ian. Ian Otto Department of Industry, Innovation,
SAP House, Level 8.49, Bunda Street, Canberra City ACT 2600 From: Jones, Dean (Security Architect) [mailto:Dean.Jones@ato.gov.au]
Hi Malcolm, Ian,
There are currently some discussions going on here about the EBMS standard. I was pulled in to give my opinion about the following extract from the standard and how it affects us using SAML
with EBMS. Without looking deeply into the context my answer was that SAML could not be used as the sole mechanism for message integrity. If SAML signing were used (and we didn't want to break the standard)
then we would have a dual signed EBMS message. Do you have a different view?
Thanks.
2328
7.2. Signing Messages
<<ebms_core-3.0-spec.zip>>
Dean Jones
Middleware and Common Services /
********************************************************************** ************************************************************************* The Commonwealth does not warrant that any attachments are free The security of emails transmitted in an unencrypted environment |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]