OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [wss] SAML Token Brainstorming

Mishra, Prateek wrote:

>As discussed on the call, we should discuss how encryption should be
>integrated with the SAML token profile. I agree that a key in or referenced
>from a (holder-of-key) assertion could be used in the same manner that a
>key in an x509 cert was used in our encryption scenarios.
>Regrettably, I missed this discussion but here is my guess: the key found in
>the holder-of-key assertion is used to encrypt a (generated) symmetric key,
>which in turn is used to encrypt the body. Can you confirm that this is the
>case of interest?
I guess the case of interest is encryption of the msg in a key known
only to the sender and recipient, and the above speculates that this could
be done in a manner analogous to what is done with the x.509 profile

I'm not sure it works though, unless we are talking about an assertion that
identifies the key of the target, as otherwise the contents of the msg could
not be restricted to the intended parties. 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]