[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] Updated: (SECURITY-7) PE: Pseudorandomrequirement for persistent NameID format is unintentional
[ http://tools.oasis-open.org/issues/browse/SECURITY-7?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Scott Cantor updated SECURITY-7:
--------------------------------
Resolution:
Resolved as proposed by TC on March 22 call.
http://lists.oasis-open.org/archives/security-services/201103/msg00026.html
> PE: Pseudorandom requirement for persistent NameID format is unintentional
> --------------------------------------------------------------------------
>
> Key: SECURITY-7
> URL: http://tools.oasis-open.org/issues/browse/SECURITY-7
> Project: OASIS Security Services (SAML) TC
> Issue Type: Bug
> Components: Core
> Affects Versions: Version 2.0
> Reporter: Scott Cantor
> Assignee: Scott Cantor
> Priority: Minor
> Fix For: 2.0 incorporating Approved Errata
>
>
> Sec 8.3.7, line 3321-3323, states that the values of this attribute MUST be pseudo-random. This has cryptographic connotations that go beyond the intent of this format, which was simply to guarantee that values would not directly expose the underlying principal identity and would be unique within the scope of the qualifiers attached. This can be achieved without actual pseudo-random construction of the identifiers, so this should not have been stated as a MUST.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]