
security-services message


Subject: RE: XML Encryption Working Draft

> Hello, everyone. First, I'd like to say that I was very impressed with
> the progress we made at this week's F2F

I concur with the feeling of having reached a sort of breakthrough and in
praise for Jeff and Bob.

>         * Is it possible to revisit our requirements/non-goals at this
>           late date? (Hmm, did I say "late"? B-)

Considering that the current proposals do not even cover signatures, which
we surely want, I am in favor of adding encryption, assuming the XMLenc spec
is relatively stable. There is a large risk that either SAML will be
dismissed because it lacks this or that implementors will attempt to "roll
their own."

>         * Is XML Encryption appropriate for SAML? At what level
>           (assertions, messages)?

Past discussions have included the idea of encrypting individual elements of
assertions; however, I suggest we could live with encrypting entire
assertions in version 1, if it makes it easier (faster) to develop our spec.
I guess if AuthZ Decision Assertions Requests contain much the same contents
as the AD Assertions returned, then we will have to be able to encrypt them
as well.

>         * Is the bump in scope that this would entail worth the payoff
>           in terms of having a standard, protocol-independent
>           confidentiality mechanism?

I vote yes.

>         * Where would adaptation of XML-Enc to SAML fit into the spec?
>           Core? Bindings? Another group?

I think it is clearly part of core. As you pointed out in your previous
message, it goes across all bindings. Of course, a particular binding would
have to specify whether and how to use it, and security and privacy
considerations will have to analyze the effects.

