OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-use message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: ISSUE:[UC-12-01:Encryption] (was RE: Comments on Straw Man 2: Protection of message contents)


I don't think I agree here.  If the issue is "sharing data only as needed",
then encryption doesn't
help at all... the problem isn't eavesdropping, it is "need-to-know", which
can only be solved by
some mechanism like an access-control system.


Bob Blakley
Chief Scientist
Enterprise Solutions Unit
Tivoli Systems, Inc. (an IBM Company)

Irving Reid <Irving.Reid@baltimore.com> on 02/26/2001 10:10:09 PM

To:   security-use@lists.oasis-open.org
Subject:  ISSUE:[UC-12-01:Encryption]  (was RE: Comments on Straw Man 2: Pr
      otection of message contents)

This clearly can't be ready for ballot before the F2F, but I thought I'd
respond to Darren's suggestion. What follows is my modified suggestion for
issue ballot text:

ISSUE:[UC-12-01:Encryption] UC-9-02:PrivacyStatement addresses the
importance of sharing data only as needed between security zones (from
asserting party to relying party). However, it is also important that data
not be available to third parties, such as snoopers or untrusted

One possible solution for implementors is to use secure channels between
relying party and asserting party. Another is to use encryption, either
a shared secret or with public keys.

Possible Resolutions:

1) Include an allowance for explicit use of encryption, such as XML
Encryption (http://www.w3.org/Encryption/2001/), within SAML messages. SAML
messages could then be transferred securely on any protocol.
2) Specify security properties in the Bindings documents. Each binding must
include a description of how the privacy and integrity of SAML messages can
be protected within that binding. Examples: S/MIME for MIME, HTTP/S for

To unsubscribe from this elist send a message with the single word
"unsubscribe" in the body to: security-use-request@lists.oasis-open.org

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC