Subject: RE: REVISED Issue Group 12, yet again.
> From: Darren Platt [mailto:dplatt@securant.com]
> Sent: Tuesday, April 03, 2001 5:31 PM
>
> Irving,
>
> I'm not sure how these options are different (for issue 12-03):
>
> > 1) Add the requirement:
> > [R-BindingConfidentiality] Each protocol binding should include a
> > description of how the confidentiality of SAML data can be
> > protected within that binding. Examples: S/MIME for MIME,
> > HTTP/S for HTTP.
> >
> > 2) Add the requirement:
> > [R-BindingConfidentiality] Each protocol binding must ensure that
> > SAML data is protected from observation by third parties.
>
> I think if I were to require what is in #2, then I'd want a
> description of how it is done (which is required by #1).

The first option was intended to make the protection optional (both in the binding definition, and by the user at runtime). How about this wording:

1) [R-BindingConfidentiality] Bindings SHOULD (in the RFC sense) provide a means to protect SAML data from observation by third parties. Each protocol binding must include a description of how applications can make use of this protection. Examples: S/MIME for MIME, HTTP/S for HTTP.

2) [R-BindingConfidentiality] Each protocol binding must always protect SAML data from observation by third parties.