OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Does encryption need to be called out as MTI?

Three generic encrypted elements are found within the SAML 2.0 CD.  

1) <saml:EncryptedID>
2) <saml:EncryptedAssertion>
3) <saml:EncryptedAttribute>

I am omitting those elements/attributes that are specific to particular
protocols (e.g., Name Identifier mapping).

It is not always clear to me (perhaps with the exception of
<saml:EncryptedID>) when conformant implementations should be ready to
create or consume these encrypted elements. I would propose the following
text to be added to the conformance document:


Conformant implementations MUST be able to process or generate the following
encrypted elements: 1) <saml:EncryptedID>, 2) <saml:EncryptedAssertion>
3) <saml:EncryptedAttribute> in any context where they are required to
process or generate the corresponding unencrypted elements 1) <saml:NameID>,
2) <saml:Assertion>, 3) <saml:Attribute>.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]