Subject: Re: Attribute Sharing Profile for X.509 Authentication-Based Systems (Draft-12)
On 3/25/07, Tom Scavo <trscavo@gmail.com> wrote:
> Draft-12 of the Attribute Sharing Profile has been uploaded to the archive:
>
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/23148/sstc-saml-x509-authn-attrib-profile-draft-12.odt
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/23149/sstc-saml-x509-authn-attrib-profile-draft-12.pdf
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/23150/sstc-saml-x509-authn-attrib-profile-draft-12-diff.pdf

To summarize, the following normative changes were made in draft-12:

1. The profile identifiers were changed.

   OLD: urn:oasis:names:tc:SAML:profiles:query:attributes:X509-basic
   NEW: urn:oasis:names:tc:SAML:2.0:profiles:query:attribute:X509-basic

   OLD: urn:oasis:names:tc:SAML:profiles:query:attributes:X509-encrypted
   NEW: urn:oasis:names:tc:SAML:2.0:profiles:query:attribute:X509-encrypted

2. The following sentence was added to section 4.2.2 (Use of Encryption):

   A symmetric key transmitted in an <xenc:EncryptedKey> element MUST NOT be later reused by the service provider as a previously established symmetric key.

3. The mixing of encrypted and unencrypted assertions is prohibited in Encrypted Mode.

4. The following line was deleted in section 4.2.2 (Use of Encryption):

   This procedure MUST be supported by the service provider.

   Likewise the following line was deleted in 4.3.2 (Use of Encryption):

   This procedure MUST be supported by the identity provider.

5. Both the assertion and response MUST be signed in section 4.3.3 (Use of Digital Signatures).

Tom
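The rules in items 2, 3 and 5 above, turned into a service-provider-side conformance check over a received <samlp:Response>, as an added example that is not part of this thread or of any OASIS code. It assumes the standard SAML 2.0, XML-Encryption and XML-Signature namespaces, uses constructed XML inputs, and only tests that a ds:Signature element is present (signature validation and decryption of the assertions are out of scope here).

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

def check_encrypted_mode_response(xml_text, seen_keys):
    """Return the list of draft-12 rule violations found (empty = conforms).

    seen_keys is the set of <xenc:EncryptedKey> CipherValue strings this
    service provider has already accepted; it implements the rule that a
    transmitted symmetric key MUST NOT be reused as a previously
    established one (item 2). Caller persists the set across responses."""
    root = ET.fromstring(xml_text)
    violations = []
    plain = root.findall("saml:Assertion", NS)
    encrypted = root.findall("saml:EncryptedAssertion", NS)
    # Item 3: Encrypted Mode forbids mixing encrypted and plaintext assertions.
    if plain and encrypted:
        violations.append("mixed encrypted and unencrypted assertions")
    # Item 5: the response itself MUST carry a signature.
    if root.find("ds:Signature", NS) is None:
        violations.append("response is not signed")
    # Item 2: reject any EncryptedKey whose wrapped key was seen before.
    for ek in root.iter("{%s}EncryptedKey" % NS["xenc"]):
        wrapped = ek.findtext("xenc:CipherData/xenc:CipherValue", namespaces=NS)
        if wrapped in seen_keys:
            violations.append("EncryptedKey reused as a previously established key")
        else:
            seen_keys.add(wrapped)
    return violations

# Constructed sample responses (placeholder cipher/signature values).
_HEAD = ('<samlp:Response xmlns:samlp="%(samlp)s" xmlns:saml="%(saml)s" '
         'xmlns:ds="%(ds)s" xmlns:xenc="%(xenc)s" ID="r1">' % NS)
_SIG = "<ds:Signature><ds:SignatureValue>SIG</ds:SignatureValue></ds:Signature>"
_ENC = ("<saml:EncryptedAssertion><xenc:EncryptedData><xenc:CipherData>"
        "<xenc:CipherValue>CT1</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>"
        "<xenc:EncryptedKey><xenc:CipherData><xenc:CipherValue>WK1</xenc:CipherValue>"
        "</xenc:CipherData></xenc:EncryptedKey></saml:EncryptedAssertion>")
_PLAIN = '<saml:Assertion ID="a1">' + _SIG + "</saml:Assertion>"
GOOD = _HEAD + _SIG + _ENC + "</samlp:Response>"
MIXED = _HEAD + _SIG + _ENC + _PLAIN + "</samlp:Response>"
UNSIGNED = _HEAD + _ENC + "</samlp:Response>"
```

Feeding GOOD twice with the same seen_keys set reports the key-reuse violation on the second call.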