[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [wss] SAML Token Brainstorming
Mishra, Prateek wrote: >As discussed on the call, we should discuss how encryption should be >integrated with the SAML token profile. I agree that a key in or referenced >from a (holder-of-key) assertion could be used in the same manner that a >key in an x509 cert was used in our encryption scenarios. > ><Prateek> >Regrettably, I missed this discussion but here is my guess: the key found in >the holder-of-key assertion is used to encrypt a (generated) symmetric key, >which in turn is used to encrypt the body. Can you confirm that this is the >case of interest? ></Prateek> > I guess the case of interest is encryption of the msg in a key known only to the sender and recipient, and the above speculates that this could be done in a manner analogous to what is done with the x.509 profile I'm not sure it works though, unless we are talking about an assertion that identifies the key of the target, as otherwise the contents of the msg could not be restricted to the intended parties.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]