
security-services message



Subject: RE: [security-services] SAML2 Holder-of-Key Assertion Profile


> I agree this is one of two open issues (the other is conformance).  If
> a key-based processing model doesn't otherwise detract from a PKI (if
> one happens to exist), I could support it. I'm not yet convinced
> that's the case, however, which is why I proposed a natural processing
> model based on the particular X.509 data item bound to the assertion.

I think the primary benchmarks should be security and simplicity. I also
think that adding processing rules that increase the chances of failure
without adding any security is a bad idea. That's been my experience with
PKI.

-- Scott



