OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-use message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: ISSUE:[UC-12-03:EncryptionMethod]

This doesn't seem quite right to me.  Aren't there really 2 sets of
questions that are asked at different points in time?

My abbreviated suggestions:

1) Use of Encryption now in the spec:
a) SAML will define it's own format for encryption
b) SAML shall use XML DSIG
c) SAML shall define nothing for encryption
d) SAML shall use some other option for encryption
e) SAML shall use XMLE, and it will wait until XMLE is ready before SAML

2) Use of Encryption in the future (assuming cases a-d chosen), where future
is defined as XMLE at Recommendation phase
a) SAML shall continue it's current encryption
b) SAML shall use XMLE.  

Vote #2 seems to happen when XMLE ships.  Vote #1 really says we either do
something non XMLE for now or we wait for XMLE.  


> ISSUE:[UC-12-03:EncryptionMethod]
> If C&I protection is included in the SAML message format, how 
> should the
> protection be provided? Choose one:
> a) Integrity protection shall use either XML DSIG or, when 
> the specification
> is ready, XML Encryption (http://www.w3.org/Encryption/2001/).
> Confidentiality protection shall use XML Encryption when it is ready.
> b) SAML shall define an interim format for message encryption 
> until XML
> Encryption is ready, and then switch.
> c) SAML shall define its own format for message encryption
> --------------------------------------------------------------
> ------------
> ------------------------------------------------------------------
> To unsubscribe from this elist send a message with the single word
> "unsubscribe" in the body to: 
> security-use-request@lists.oasis-open.org

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC