Subject: Re: [saml-dev] XAdES signatures in SAML v2.0?

On 5/29/13 6:05 AM, "Szabó Áron" <baronsz@freemail.hu> wrote:
>OK, I understand your reasons: keeping backward
>compatibility/interoperability is an important thing, such modifications
>cannot be done in this version of the standard.

At this point, I don't see any viable way for them to be done at all.
There are no plans for any breaking changes in the standard, and I don't
think there's any support for doing that.

Extensions are always possible, and don't require revising the standard,
but they do require that anybody supporting an extension modify code to do
so. But that's the appropriate, indeed the only, way forward.

>On the other hand, I forgot to mention additional information about the
>XAdES specification which would perhaps be interesting if any
>modification could happen in the future (errata, SAML v2.1 etc.). In the
>XAdES structure this additional ds:Reference element (the reason for the
>problem) is unambiguously identified as the protection of metadata (and
>not the protection of data-to-be-signed). This would make the enumeration
>and classification of ds:Reference elements easier for software

I believe that implementing support for a second Reference if it were
well-defined and limited would be possible safely. But the only way to
make that work will be to elide the existing signature and embed one in an

>Perhaps it would be worthwhile if experts responsible for OASIS SAML could
>discuss this problem with experts responsible for ETSI XAdES.

The above is what I would say if somebody asked. It's also how I would
have addressed compatibility with Signature 2.0.

-- Scott
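The classification Áron describes, and the "well-defined and limited" second Reference Scott is willing to consider, can be made concrete in a validator check. The following Python is an added example written for this thread, not code from the list, from Shibboleth or from any XAdES library. It assumes the SAML v2.0 core rule (section 5.4.2) that a signature carries exactly one same-document ds:Reference to the signed element, and the XAdES convention that the Reference over SignedProperties carries Type="http://uri.etsi.org/01903#SignedProperties". The SignedInfo sample, its ID values and its digest values are constructed placeholders. A real validator would additionally match the data Reference's URI against the root element's ID and verify the digests; that part is omitted here.

```python
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
# XAdES marks the Reference covering its own SignedProperties with this Type value,
# which is what makes the metadata Reference distinguishable from the data Reference.
XADES_SIGNED_PROPERTIES = "http://uri.etsi.org/01903#SignedProperties"

# Constructed sample SignedInfo (not from a real message): one SAML-style enveloped
# same-document Reference to the assertion, plus the extra Reference that XAdES adds
# for its SignedProperties. IDs and digest values are placeholders, not real hashes.
SAMPLE_SIGNED_INFO = """<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
  <ds:Reference URI="#_assertion-id-placeholder">
    <ds:Transforms>
      <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
      <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    <ds:DigestValue>PLACEHOLDER-DIGEST-1</ds:DigestValue>
  </ds:Reference>
  <ds:Reference Type="http://uri.etsi.org/01903#SignedProperties"
                URI="#_signed-props-id-placeholder">
    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    <ds:DigestValue>PLACEHOLDER-DIGEST-2</ds:DigestValue>
  </ds:Reference>
</ds:SignedInfo>
"""


def classify_references(signed_info_xml):
    """Return a list of (kind, uri) for every ds:Reference in a SignedInfo, in order.

    kind is "data" for an untyped same-document reference (the SAML signed element),
    "xades-signed-properties" for the typed Reference XAdES adds over its own signed
    metadata, and "other" for anything else (external URI, unknown Type, missing URI).
    """
    root = ET.fromstring(signed_info_xml)
    result = []
    for ref in root.findall("{%s}Reference" % DS_NS):
        uri = ref.get("URI")
        ref_type = ref.get("Type")
        if ref_type == XADES_SIGNED_PROPERTIES:
            kind = "xades-signed-properties"
        elif ref_type is None and uri is not None and uri.startswith("#"):
            kind = "data"
        else:
            kind = "other"
        result.append((kind, uri))
    return result


def check_saml_profile(signed_info_xml, allow_xades=False):
    """Apply the SAML v2.0 single-Reference rule, optionally tolerating XAdES.

    With allow_xades=False this is the stock SAML v2.0 check: exactly one data
    Reference and nothing else. With allow_xades=True it models the limited extension
    discussed in the thread: the one data Reference plus at most one well-defined,
    typed SignedProperties Reference. Returns (ok, reason).
    """
    refs = classify_references(signed_info_xml)
    data = [u for k, u in refs if k == "data"]
    xades = [u for k, u in refs if k == "xades-signed-properties"]
    other = [u for k, u in refs if k == "other"]
    if len(data) != 1:
        return False, "expected exactly one same-document data Reference, found %d" % len(data)
    if other:
        return False, "unrecognised Reference(s): %r" % other
    if xades and not allow_xades:
        return False, "XAdES SignedProperties Reference not allowed by the SAML profile"
    if len(xades) > 1:
        return False, "more than one XAdES SignedProperties Reference"
    return True, "ok"


if __name__ == "__main__":
    print(classify_references(SAMPLE_SIGNED_INFO))
    print("strict SAML:", check_saml_profile(SAMPLE_SIGNED_INFO))
    print("SAML + XAdES extension:", check_saml_profile(SAMPLE_SIGNED_INFO, allow_xades=True))
```

Run stand-alone, the strict check rejects the sample because of the second Reference, which is exactly the interoperability problem the thread is about; with the extension flag the typed metadata Reference is accepted while any untyped or external extra Reference is still refused, which is the "limited" property that makes such an extension safe to implement.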

