[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Metadata errata items
> During last year's 4Q07 SAML 2.0 Liberty interop test, we ran into the > question about the interpreting and use of EncryptionMethod. Within the > group of participants, there was a disagreement on whether it indicates that > any listed encryption methods and transports algorithms are supported ON TOP > of those required in SAMLConf 4.2 or it indicates the implementation only > supports those specifically called out in the EncryptionMethod element? Metadata always lists what you support. There's nothing "implicit" anywhere else in the spec. My confusion over the element definitely is *not* due to that question. > To your question, the Liberty interop is temporarily ignoring the > EncryptionMethod element but waiting direction from SSTC for future actions. Since the element came from Liberty to begin with, there's nobody else to get guidance from. If nobody knows how to use it, I would suggest we deprecate it. I was never comfortable with it in light of the fact that we don't do anything with signing algorithms, TLS cipher suites, etc. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]