ISSUE:[UC-12-01:Encryption] REVISED

[Irving Reid <Irving.Reid@baltimore.com>]

Bob makes a very good point - UC-12-01 has nothing to do with privacy; it is
concerned with confidentiality and integrity. I've revised the text at the
end of this message.

> -----Original Message-----
> From: George_Robert_Blakley_III@tivoli.com
> [mailto:George_Robert_Blakley_III@tivoli.com]
> Sent: Tuesday, February 27, 2001 11:27 AM
> To: Ahmed, Zahid
> Cc: 'Irving Reid'; security-use@lists.oasis-open.org;
> 'security-bindings@lists.oasis-open.org'
> Subject: RE: ISSUE:[UC-12-01:Encryption] (was RE: Comments on 
> Straw Man 2: Protection of message contents)
> ...
> I think the note below uses "privacy" when it means "confidentiality".
> 
> Confidentiality and integrity SHOULD be the job of the 
> binding; privacy
> probably CANNOT be protected by
> any mechanism we specify in the binding, ...
> --bob



------------------------------------------------------
ISSUE:[UC-12-01:Encryption] UC-9-02:PrivacyStatement addresses the
importance of sharing data only as needed between security zones (from
asserting party to relying party). However, it is also important that data
not be available to third parties, such as snoopers or untrusted
intermediaries.

One possible solution for implementors is to use secure channels between
relying party and asserting  party. Another is specifically encrypt the SAML
data, either with a shared secret or with public keys.

Possible Resolutions:

1) Include an allowance for explicit use of encryption, such as XML
Encryption  http://www.w3.org/Encryption/2001/), within SAML messages. SAML
messages could then be transferred securely on any protocol.

2) Specify security properties in the Bindings documents. Each binding must
include a description of how the confidentiality and integrity of SAML
messages can be protected within that binding. Examples: S/MIME for MIME,
HTTP/S for HTTP.
--------------------------------------------------------------------------


 - irving -