Subject: Re: [imi] SAML 2 profile questions
If someone is determined to not use asymmetric signatures, they are not going to be widely interoperable anyway.

If someone in a closed community decided to use HMAC signatures with pre-shared keys it would be on them to make sure their implementation supports it.

I think we are flexible enough on what people can do with signatures. I don't want to remove them as mandatory for IMI.

John B.

On 2009-10-15, at 1:01 AM, Scott Cantor wrote:

> John Bradley wrote:
>> I agree with Scott. If you want some sort of unsigned token it
>> should be a different token type.
>
> Or at least a different profile that I can take my name off of.
>
>> I think different signature methods should be supported rather than
>> limiting it to RSA sigs, but I believe that is allowed now.
>
> The specification is silent about it except where it discusses
> things like HoK, which is separate from this.
>
>> Scott, If as an issuer I wanted to use pre-shared symmetric keys
>> would that be supported by this profile?
>
> Anything supported by SAML is supported by the profile, and SAML
> supports anything defined for XML Signature, which includes HMAC
> signatures. Of course, those aren't mandatory to implement at the
> moment, and lots of implementations wouldn't handle them.
>
> -- Scott
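
The signature policy discussed in this thread, as an added example that is not part of the original message or of the IMI profile text: a relying-party pre-check that rejects unsigned assertions, routes asymmetric signatures to public-key verification, and accepts HMAC only for issuers with a configured pre-shared key. The `classify` function, the `psk_issuers` setting and the sample assertions are constructed for illustration; the check only selects a verification path and does not itself validate the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
DSIG, MORE = NS["ds"], "http://www.w3.org/2001/04/xmldsig-more#"
# XML Signature algorithm identifiers, grouped by key type.
ASYMMETRIC = {DSIG + "rsa-sha1", DSIG + "dsa-sha1", MORE + "rsa-sha256"}
HMAC = {DSIG + "hmac-sha1", MORE + "hmac-sha256"}


def classify(assertion_xml, psk_issuers=frozenset()):
    """Return (decision, detail) for one SAML assertion, before any crypto runs.

    psk_issuers is hypothetical local configuration: the issuers with whom
    this relying party shares a symmetric key.
    """
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    # Only a Signature that is a direct child of the Assertion is considered.
    method = root.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if method is None:
        return ("reject", "unsigned")
    alg = method.get("Algorithm", "")
    if alg in ASYMMETRIC:
        return ("verify-public-key", alg)
    if alg in HMAC:
        # HMAC is only meaningful where both sides already hold the key.
        if issuer in psk_issuers:
            return ("verify-hmac", alg)
        return ("reject", "hmac-without-psk")
    return ("reject", "unknown-algorithm")


def sample(alg=None, issuer="https://idp.example.org"):
    """Constructed assertion skeleton; digest and signature values omitted."""
    sig = "" if alg is None else (
        '<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="%s"/>'
        "</ds:SignedInfo></ds:Signature>" % alg)
    return ('<saml:Assertion xmlns:saml="%s" xmlns:ds="%s">'
            "<saml:Issuer>%s</saml:Issuer>%s</saml:Assertion>"
            % (NS["saml"], NS["ds"], issuer, sig))


if __name__ == "__main__":
    closed_community = {"https://idp.example.org"}  # constructed value
    for alg in (None, DSIG + "rsa-sha1", DSIG + "hmac-sha1"):
        print(alg, classify(sample(alg)), classify(sample(alg), closed_community))
```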