Subject: RE: [security-services] Minutes minutes SSTC/SAML concall Tue 21-Oct-2008
> ts: it came up on last call, started from a comment Scott Cantor (sc) made
> wrt previous version of profile, has to do with <ds: x509 cert> element --
> what is format of such cert? his comment had to do with encoding, spec says
> encoding should be DER, but perhaps it should be left unspecified. I didn't
> change it in this rev of the doc, because I don't see wisdom in that, not
> sure why someone would not specify it, it would make it difficult for RP to
> do confirmation w/o knowing what the encoding is, hoping someone can justify
> this, AFAIK that is only significant issue remaining in that profile

The justification for not requiring DER is that doing so would be analogous to us requiring XML be encoded as UTF-8 instead of relying on the XML to signal the encoding used.

In the case of certificates, ASN.1 is the substrate and, I'm led to understand, implementations of ASN.1 libraries handle the encodings that people use, just as XML parsers handle the encodings that people use.

In other words, I'm told that it's left open in XMLSignature for a reason, and it's not clear to me why we have any better reason to constrain it than we would for the XML encoding.

Alternatively, I guess I'd be in favor of making this a RECOMMENDED encoding, but doing that in SAML core itself, rather than requiring every profile that touches this element to repeat it.

-- Scott
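
As an added illustration that is not part of the message above or of the SSTC profile: a Python sketch of what the encoding question means for a relying party that compares certificate bytes. It checks only DER's length rules (definite, minimal), the sample structures are constructed ASN.1 values rather than real certificates, and all function names are hypothetical.

```python
import base64

def read_tlv(buf, pos):
    """Parse one BER TLV; return (tag, constructed, content, next_pos, der_len_ok)."""
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are outside this sketch")
    constructed, pos = bool(tag & 0x20), pos + 2
    if first == 0x80:                      # indefinite length: legal BER, never DER
        start = pos
        while buf[pos:pos + 2] != b"\x00\x00":
            pos = read_tlv(buf, pos)[3]
        return tag, constructed, buf[start:pos], pos + 2, False
    if first < 0x80:                       # short form
        length, ok = first, True
    else:                                  # long form: DER demands the fewest octets
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        ok = length >= 0x80 and buf[pos] != 0
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, constructed, buf[pos:pos + length], pos + length, ok

def uses_der_lengths(buf):
    """True if every TLV, at every nesting level, uses a DER-style length."""
    pos = 0
    while pos < len(buf):
        _, constructed, content, pos, ok = read_tlv(buf, pos)
        if not ok or (constructed and not uses_der_lengths(content)):
            return False
    return True

def leaves(buf):
    """Flatten to (tag, value) pairs: the content, independent of the encoding."""
    out, pos = [], 0
    while pos < len(buf):
        tag, constructed, content, pos, _ = read_tlv(buf, pos)
        out += leaves(content) if constructed else [(tag, content)]
    return out

def classify_element_text(b64_text):
    """Classify the base64 text content of a ds:X509Certificate-style element."""
    return "DER" if uses_der_lengths(base64.b64decode(b64_text)) else "BER, not DER"

# Constructed samples: SEQUENCE { INTEGER 5, OCTET STRING "ab" } encoded three ways.
DER_FORM = bytes.fromhex("300702010504026162")
BER_INDEFINITE = bytes.fromhex("3080020105040261620000")
BER_LONG_LEN = bytes.fromhex("30810702010504026162")
```

All three samples decode to the same values, but only a comparison made after decoding, or after re-encoding both sides to one form, treats them as equal; a byte-for-byte or digest comparison does not.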