Subject: RE: [imi] Question regarding encryption
The openinfocard selector transmits the RP's SSL cert to the IdP if and only if the RequireAppliesTo is in the card chosen by the user. The IdP is authenticated to the selector by its SSL cert and the user is authenticated to the IdP by one of the four authentication methods. The connection is encrypted using SSL.

The xmldap STS always signs the SAML assertion and encrypts it if it has a public key of a recipient to encrypt it to.

Back to the openinfocard selector: If the assertion received by the IdP is SAML and is not encrypted, the openinfocard selector encrypts it using the RP's certificate. So if the RP is connected by SSL, the SAML assertion is always encrypted if you use openinfocard.

-Axel

-----Original Message-----
From: Mario Ivkovic [mailto:mario.ivkovic@a-sit.at]
Sent: Monday, December 07, 2009 11:28 AM
To: imi@lists.oasis-open.org
Subject: [imi] Question regarding encryption

Hi all,

I have a question regarding encryption and privacy. Maybe this has already been discussed and I missed it.

A security token issued by an IdP is - if the IdP knows the certificate of the RP - encrypted with the RP's public key. But if for some reason the user doesn't want the IdP to know the RP but still wants encryption, this cannot be done. Is it possible to encrypt the token with a public key belonging to the user (card selector)? The user then decrypts the token, verifies it, and then encrypts it again with the RP's public key.

Kind regards,
Mario

--
DI Mario Ivkovic
A-SIT, Secure Information Technology Center - Austria
Inffeldgasse 16a, A-8010 Graz, Austria
Tel.: +43 (316) 873-5528
Fax.: +43 (316) 873-105521
Mario.Ivkovic@a-sit.at