[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] encrypting saml protocol messages
The
SAML request/response protocol is carried over SOAP which means you can use
either WS-Security or TLS to encrypt the message in transit (and in the case of
WS-Security, keep the encrypted message around if you wish.) When Assertions are
returned over HTTP, TLS may be used. The SAML TC did not see a need to difine
yet another way to do the same thing. The assumption was that if you wish to
persist data which needs to be confidential, that data will be contained in the
Assertion.
What
is your use case?
Hal
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]