OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-use message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: REVISED Issue Group 12, yet again.

Irving,

I'm not sure how these options are different (for issue 12-03):

> 1) Add the requirement:
> [R-BindingConfidentiality] Each protocol binding should include a
> description of how the confidentiality of SAML data can be
> protected within
> that binding. Examples: S/MIME for MIME, HTTP/S for HTTP.
>
> 2) Add the requirement:
> [R-BindingConfidentiality] Each protocol binding must ensure that
> SAML data
> is protected from observation by third parties.

I think if I were to require what is in #2, then I'd want a description of
how it is done (which is required by #1).

Sorry for the late comment.

Thanks,

Darren




> -----Original Message-----
> From: Irving Reid [mailto:Irving.Reid@baltimore.com]
> Sent: Thursday, March 29, 2001 2:42 PM
> To: 'security-use@lists.oasis-open.org'
> Subject: REVISED Issue Group 12, yet again.
>
>
> OK, here we go again, based on the discussion during the 03/28 conference
> call.
>
> I've taken most of the previous questions and rolled them into the
> introductory text. I've tried to capture the discussion on possible
> resolution, along with the comments from ballots, in the suggested
> resolutions. I've also reworded things to refer only to confidentiality
> protection; I think [R-Signature] already addresses message integrity.
>
> Please please please comment quickly, if you have comments, so that Darren
> can include this in next week's ballot without generating another round of
> debate. In particular, there are a couple of places where I
> suggest possible
> limits on how much detail we put in the Use Case document.
>
> Note that my use of 'should' in the proposed requirements matches that in
> the existing requirements list in Strawman 3.
>
>  - irving -
>
> ------------------------------------------------------
> Issue Group 12:
>
> UC-9-02:PrivacyStatement addresses the
> importance of sharing data only as needed between security zones (from
> asserting party to relying party). However, it is also important that data
> not be available to third parties, such as snoopers or untrusted
> intermediaries.
>
> One possible solution for protocol bindings to define secure channels
> between
> relying party and asserting  party. Another is specifically
> encrypt the SAML
> data, so that it is protected whether or not the channel is
> secure, and can
> also be stored securely outside of the protocol binding (for example, in a
> cache or as a cookie).
>
> If confidentiality protection is specified both within the SAML message
> format and within protocol bindings, deployments can choose the
> appropriate
> solution. For example, SAML messages within encrypted S/MIME documents may
> not need message-level protection, while SAML messages passed as HTTP
> cookies do.
>
> The issues addressed here also relate to [R-Signature],
> ISSUE:[UC-13-02:EfficientMessages],
> ISSUE:[UC-13-03:OptionalAuthentication],
> and ISSUE:[UC-13-04:OptionalSignatures]. In particular, we would be
> contradicting ourselves if we voted that confidentiality
> protection is required without exception, and at the same time voted for
> option 1 on any of the UC-13 issues listed above. The point raised in the
> UC-13 issues is that within a protected security domain where
> confidentiality
> protection is not a concern, requiring encryption could introduce key
> management and performance issues that could otherwise be avoided.
>
>
> This issue breaks down into several decisions:
>
> Should confidentiality protection of SAML messages be
> required, optional, or unsupported?
>
> Should confidentiality protection be provided by the protocol
> binding or within the SAML message format?
>
> What (if any) encryption method should be used now?
>
> What (if any) encryption method should be used once XML Encryption is
> a published standard?
>
>
> ------------------------------------------------------------------
> ----------
>
> ISSUE:[UC-12-01:Confidentiality]
>
> Add the following requirement:
>
> [R-Confidentiality] SAML data should be protected from
> observation by third
> parties or untrusted intermediaries.
>
> Proposed Solutions:
>
> 1) Add [R-Confidentiality]
> 2) Do not add [R-Confidentiality]
>
> ------------------------------------------------------------------
> ----------
>
>
> IRVING'S NOTE: We could just stop here, and leave the rest of the
> details to
> the Core Assertions, Bindings and Security Considerations groups.
>
>
>
> ------------------------------------------------------------------
> ----------
>
> ISSUE: [UC-12-02:AssertionConfidentiality]
>
> Proposed solutions; choose one of:
>
> 1) Add the requirement:
> [R-AssertionConfidentiality] SAML should define a format so that
> individual
> SAML assertions may be encrypted, independent of protocol bindings.
>
> 2) Add the requirement:
> [R-AssertionConfidentiality] SAML assertions must be encrypted,
> independent
> of protocol bindings.
>
> 3) Add a non-goal:
> SAML will not define a format for protecting confidentiality of individual
> assertions; confidentiality protection will be left to the protocol
> bindings.
>
> 4) Do not add either requirement or the non-goal.
>
> In either case, Use Cases should be edited to call out this requirement
> where appropriate.
>
> ------------------------------------------------------------------
> ----------
> -
>
> ISSUE: [UC-12-03:BindingConfidentiality]
>
> Proposed solutions; choose one of:
>
> 1) Add the requirement:
> [R-BindingConfidentiality] Each protocol binding should include a
> description of how the confidentiality of SAML data can be
> protected within
> that binding. Examples: S/MIME for MIME, HTTP/S for HTTP.
>
> 2) Add the requirement:
> [R-BindingConfidentiality] Each protocol binding must ensure that
> SAML data
> is protected from observation by third parties.
>
> 3) Do not add either requirement.
>
> In either case, Use Cases should be edited to call out this requirement
> where appropriate.
>
> ------------------------------------------------------------------
> ----------
>
> IRVING'S NOTE: I wouldn't mind if
> ISSUE:[UC-12-03:EncryptionMethod] was left
> out of the use cases document, and left up to the other
> subcommittees. It's
> really more of a design issue than a requirement.
>
> ISSUE:[UC-12-03:EncryptionMethod]
>
> If confidentiality protection is included in the SAML assertion
> format (that
> is, you chose option 1 or 2 for ISSUE:
> [UC-12-02:AssertionConfidentiality]),
> how should the protection be provided?
>
> Note that if option 2 (assertion confidentiality is required) was
> chosen for
> UC-12-02, resolution 1 of this issue implies that SAML will not
> be published
> until after XML Encryption is published.
>
> Proposed resolutions; choose one of:
>
> 1) Add the requirement:
> [R-EncryptionMethod] SAML should use XML Encryption.
>
> 2) Add the requirement:
> [R-EncryptionMethod] Because there is no currently published standard for
> encrypting XML, SAML should define its own encryption format.
> Edit the existing non-goal of not creating new cryptographic techniques to
> allow this.
>
> 3) Add no requirement now, but include a note that this issue must be
> revisited in a future version of the SAML spec after XML Encryption is
> published.
>
> 4) Do not add any of these requirements or notes.
>
> ------------------------------------------------------------------
> To unsubscribe from this elist send a message with the single word
> "unsubscribe" in the body to: security-use-request@lists.oasis-open.org
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC