OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: using HMAC-SHA1 as for SSO (SAML)

Hello all,

We have a customer who wants to use HMAC-SHA1 (with a shared symmetric key) as digital signature vs our standard RSA-SHA1, we are trying to see if SAML spec allows it.
Obviously HMAC-SHA1 is faster but since I am not a crypto person, it is hard for me to tell the customer if there is any security vulnerability at the crypto level.  We know it provide integrity, some level of authentication, can it provide non reputation for auditing purpose ?

I see a draft of SAML using HMAC-SHA1, does it mean HMAC-SHA1 will be supported ? Thanks


Please advise, thank you so very much !!!!


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]