OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] Groups - sstc-saml-holder-of-key-browser-sso-draft-06.pdf (sstc-saml-holder-of-key-browser-sso-draft-06.pdf) uploaded

And, my initial comments that don't seem to have been captured in the  
email itself:

This is a simplification revision.  I've removed two angles of  
flexibility from the previous draft:

(1)  All text about embedding keying information in AuthnRequests is  
gone.  It introduces confusion and really didn't accomplish much that  
couldn't be done with a signed request with a Subject.

(2)  After struggling mightily with it for hours, I couldn't come up  
with a particularly sane method or reason to support a wide variety  
of keying information.  The signature of the assertion alone is  
enough to bump against size limits, and using the same certificate at  
both places is generally good for users, so I don't think this is  
worth the cost in complexity and confusion.

A couple other minor changes have been made as well.

Talk to you in 10 hours,

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]