OASIS Mailing List Archives

saml-dev message



Subject: RE: [saml-dev] encrypting saml protocol messages


The SAML request/response protocol is carried over SOAP, which means you can use either WS-Security or TLS to encrypt the message in transit (and in the case of WS-Security, keep the encrypted message around if you wish). When Assertions are returned over HTTP, TLS may be used. The SAML TC did not see a need to define yet another way to do the same thing. The assumption was that if you wish to persist data which needs to be confidential, that data will be contained in the Assertion.
 
What is your use case?
 
Hal
-----Original Message-----
From: Yang, Gang USA CTR (US) [mailto:gang.yang.ctr@mail.mil]
Sent: Monday, October 24, 2011 3:09 PM
To: saml-dev@lists.oasis-open.org
Subject: [saml-dev] encrypting saml protocol messages

Hi,

 

I'm trying to implement the Web SSO profile and wondering why SAML 2.0 did not define the encryption of SAML protocol messages (request/response), but only encryption of the SAML assertion and some sub elements. Can anyone shed some light on this?

 

Thanks,

Gang
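
Added example, not part of the original thread or of any OASIS code: a small Python check that parses a SAML 2.0 Response and separates the protocol-level fields, which only TLS or WS-Security can keep confidential, from the elements SAML itself can encrypt. The sample message, host names and IDs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Elements SAML 2.0 can carry under XML Encryption, and their cleartext forms.
ENCRYPTED = {"EncryptedAssertion", "EncryptedID", "EncryptedAttribute"}
CLEARTEXT = {"Assertion", "NameID", "Attribute"}

# Constructed sample Response (hypothetical hosts and IDs, ciphertext omitted).
SAMPLE_RESPONSE = f"""
<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
    ID="_resp1" InResponseTo="_req1" Version="2.0"
    IssueInstant="2011-10-24T19:09:00Z"
    Destination="https://sp.example.org/acs">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:EncryptedAssertion>
    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
  </saml:EncryptedAssertion>
</samlp:Response>
"""


def exposure_report(xml_text):
    """Split a SAML Response into what element encryption covers and what it does not."""
    root = ET.fromstring(xml_text)
    # Protocol-level fields are outside any Encrypted* element, so only
    # TLS or WS-Security keeps them confidential in transit.
    envelope = {k: root.attrib[k] for k in ("ID", "InResponseTo", "Destination")
                if k in root.attrib}
    issuer = root.find(f"{{{SAML}}}Issuer")
    if issuer is not None:
        envelope["Issuer"] = issuer.text
    code = root.find(f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode")
    if code is not None:
        envelope["StatusCode"] = code.get("Value")
    encrypted, cleartext = [], []
    for el in root.iter():
        ns, _, name = el.tag[1:].partition("}")
        if ns == SAML and name in ENCRYPTED:
            encrypted.append(name)
        elif ns == SAML and name in CLEARTEXT:
            cleartext.append(name)
    return {"envelope": envelope, "encrypted": encrypted, "cleartext": cleartext}


if __name__ == "__main__":
    print(exposure_report(SAMPLE_RESPONSE))
```

A non-empty `cleartext` list means the confidential payload itself depends on transport protection; the `envelope` fields depend on it in every case.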


