OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: RE: [security-services] Suggest adding IssueInstant attributetoRequest and Response


> >While it is true that XML encryption will not prevent replay, SAML
does
> >not currently specify its use. SSL and TLS are currently the only way
to 
> >protect content from being read and they will prevent replay.

I note belatedly that Hal said that SAML doesn't specify XML Encryption,
as opposed to Signature, which is true. I didn't recall the bindings doc
mandating use of encryption in future bindings unless the application
requires it, and of course I would think SAML would want to allow use of
XMLE once it's finished, so the point remains.

-- Scott



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC