
security-services message


Subject: Proposed text to resolve AI #0256

#0256: Ciphersuite selection

Owner: Rob Philpott

Status: Open

Assigned: 2006-04-10

Due: 2006-04-30

Mr. Prateek Mishra 2006-04-11 02:22 GMT
[ET] Suggestion that text be clarified based on ciphersuites that were
explicitly called out in the text. Clarification is required to make it
clear that a) these are not the only ones that are supported and b) this
is not a minimal set that needs to be supported
[HL] How do we deal with non-errata issues?
[RP] Was going to propose text on why the ciphersuites were selected
[ET] This will take over his issues
[HL] This needs a new action item
Rob to produce explanatory text for algorithm selection



In Conformance, I suggest adding:


  1. In the intro of section 4 (XML Digital Signature and XML Encryption) after line 235, add:

·       The algorithms listed below as being required for SAML 2.0 conformance are based on the mandated algorithms in the W3C recommendations for XML Signature and for XML Encryption, but modified by the SSTC to ensure interoperability of conformant SAML implementations.  While the SAML-defined set of algorithms is a minimal set for conformance, additional algorithms supported by XML Signature and XML Encryption MAY be used.  Note, however, that the use of non-mandated algorithms may introduce interoperability issues if those algorithms are not widely implemented.  As additional algorithms become mandated for use in XML Signature and XML Encryption, the set required for SAML conformance may be extended. [RSP: not sure about including the last sentence… opinions?]

  2. In the intro of section 5 (Use of SSL 3.0 and TLS 1.0) after line 257, add:

·       The set of algorithms required for SAML 2.0 conformance is equivalent to that defined in SAML 1.0 and SAML 1.1. These mandated algorithms were chosen by the SSTC because of their wide implementation support in the industry. While the algorithms defined below are the minimal set for SAML conformance, additional algorithms supported by SSL 3.0 and TLS 1.0 MAY be used.


Recommended changes, additions, and deletions are welcomed.

Rob Philpott
Senior Consulting Engineer
RSA Security Inc.
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020
I-name:  =Rob.Philpott

