[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Proposed Agenda Nov 18 SSTC Conference Call
> 3.2 Disposition of query re DER encoding issue > http://lists.oasis-open.org/archives/security-services/200811/msg00032.html > et all > + deferment from last call See http://lists.w3.org/Archives/Public/public-xmlsec/2008Nov/0037.html I'll report on outcomes tomorrow, assuming this gets resolved either way. The W3C call is immediately before this one. The upshot for SSTC purposes is that I think this is going to be a case-by-case issue for profiles to deal with based on how comfortable they are requiring things. For example, I'm inclined to nail this down quite tightly in my metadata profile, because the whole point of the profile is to get this nonsense out of SAML. But I don't think profiles that are stuck being lenient about the certificates they have to accommodate can necessarily take that approach (which I think is where at least the HoK SSO profile ended up). -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]