
security-services message


Subject: RE: [security-services] question on DSAwithSHA1 algorithm

> The other question which arose in the last Liberty interop test was about
> the signature algorithm DSAwithSHA1. Section 4.1 of SAMLConf states that
> DSAwithSHA1 is recommended but not required in SAML 2.0. However, it is
> mandated for XML signature. One participant could not support DSAwithSHA1;
> we had to require all signatures to be with RSAwithSHA1.

Well, just because XMLSig requires something doesn't mean SAML has to. It
means we *could* without burdening people too much, but that's about it.

> Our question is one of background on this issue. Why was DSAwithSHA1
> not required in SAML despite the XMLSig mandate? And, are these
> still necessary going forward? Thanks.

I have no memory of it specifically, maybe somebody else does. I suspect it
was just a general sense that requiring something without a good reason was
a bad thing.
-- Scott
