[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [security-services] Suggest adding IssueInstant attributetoRequest and Response
> >While it is true that XML encryption will not prevent replay, SAML does > >not currently specify its use. SSL and TLS are currently the only way to > >protect content from being read and they will prevent replay. I note belatedly that Hal said that SAML doesn't specify XML Encryption, as opposed to Signature, which is true. I didn't recall the bindings doc mandating use of encryption in future bindings unless the application requires it, and of course I would think SAML would want to allow use of XMLE once it's finished, so the point remains. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC