OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] XML Encryption guidance issue


>Gary Ellison noted that usng an OOB symmetric key to encrypt the
encryption keys used is likely to be >useful in such a case to make the
process efficient.

Right, this fits in with not mandating particular key management

> >Super-encryption, which means encrypting content that includes 
> >encrypted content, is not specified in the SAML specifications, but 
> >this does not mean it couldn't occur in a SOAP messaging component of

> >the system - but the SAML specifications are silent on the topic and
> >believe this is appropriate.

>Well, it could happen with SAML quite easily such as an encrypted
assertion that contains an
>EncryptedID or EncryptedAttribute. The question is, do we need to say
anything about it? I'm not sure >why encrypting an element that happens
to have stuff from the XMLEnc spec in it is different from any >other

I don't think much need be said in this case.

Regards, Frederick

Frederick Hirsch

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]