OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Proposed Agenda Nov 18 SSTC Conference Call

> 3.2 Disposition of query re DER encoding issue
> et all
> + deferment from last call

See http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0037.html

I'll report on outcomes tomorrow, assuming this gets resolved either way.
The W3C call is immediately before this one.

The upshot for SSTC purposes is that I think this is going to be a
case-by-case issue for profiles to deal with based on how comfortable they
are requiring things.

For example, I'm inclined to nail this down quite tightly in my metadata
profile, because the whole point of the profile is to get this nonsense out
of SAML. But I don't think profiles that are stuck being lenient about the
certificates they have to accommodate can necessarily take that approach
(which I think is where at least the HoK SSO profile ended up).

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]