Subject: Re: [security-services] Does encryption need to be called out as MTI?
Prateek,

I strongly concur with this. This text would allow me to answer "yes" to the action item assigned under my name re: comments on the conformance doc.

~ Rick Randall
Booz Allen Hamilton

"Mishra, Prateek" wrote:
>
> Three generic encrypted elements are found within the SAML 2.0 CD.
>
> 1) <saml:EncryptedID>
> 2) <saml:EncryptedAssertion>
> 3) <saml:EncryptedAttribute>
>
> I am omitting those elements/attributes that are specific to particular
> protocols (e.g., Name Identifier mapping).
>
> It is not always clear to me (perhaps with the exception of
> <saml:EncryptedID>) when conformant implementations should be ready to
> create or consume these encrypted elements. I would propose the following
> text to be added to the conformance document:
>
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> Conformant implementations MUST be able to process or generate the following
> encrypted elements: 1) <saml:EncryptedID>, 2) <saml:EncryptedAssertion>
> 3) <saml:EncryptedAttribute> in any context where they are required to
> process or generate the corresponding unencrypted elements 1) <saml:NameID>,
> 2) <saml:Assertion>, 3) <saml:Attribute>.