OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: XML Encryption Working Draft

Hello, everyone. First, I'd like to say that I was very impressed with
the progress we made at this week's F2F, and I hope we can continue to
go forward at this efficient pace in the future. Special "shout-outs"
to Jeff Hodges for running the meeting right to the agenda, and Bob B.
for handling the whiteboard session to such good effect.

Second, I'd like to point out that there is a working draft of XML
Encryption available on w3c's Web site:


First, I'd love to get the inside scoop from our XML-Enc liaisons
("Stephen Farrell, Gilbert Pilz, and Ed Simon") about the

Second, I'm wondering how this affects our non-goal of excluding XML
Enc from SAML, namely:

	"SAML does not define a data format for encrypting assertions
         or messages independent of binding protocol. However, this
         non-goal will be revisited in a future version of the SAML
         spec after XML Encryption is published."

It seems that by getting to working draft status, the spec is to a
point where we could start evaluating it for use with SAML (and
perhaps even feed in suggestions for the final spec). Also, the XML
Encryption schedule for milestones, here:


...has a date of August 2001 for candidate recommendation and October
2001 for proposed rec. They appear to be hitting their milestones
quite well. Even if they slip somewhat, they'd -probably- still have a
candidate recommendation comfortably within our new timeframe of
December 1 for a "substantially complete draft" of SAML.

I suggest that we should at least consider this issue at the next
concall for discussion. To wit:

        * Is it possible to revisit our requirements/non-goals at this
          late date? (Hmm, did I say "late"? B-)

        * Is XML Encryption appropriate for SAML? At what level
          (assertions, messages)?

        * Is the bump in scope that this would entail worth the payoff
          in terms of a having a standard, protocol-independent
          confidentiality mechanism?

        * Where would adaptation of XML-Enc to SAML fit into the spec?
          Core? Bindings? Another group?

Can we add this to the issues list? To the agenda for a future


Evan Prodromou, Senior Architect        eprodromou@securant.com
Securant Technologies, Inc.             415-856-9551

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC