[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xri] Secure XRD Proposals
Added a fourth proposal: signature in a separate file from the signed document. On Wed, Dec 17, 2008 at 5:54 PM, <n-sakimura@nri.co.jp> wrote: > Hi > > I have created a page: > > http://wiki.oasis-open.org/xri/XrdOne/SecureXrd > > It is the result of some private message exchange among me, Brian and John. > > If we were to forget about the backward comaptibility to XRDS2.0, I personally like 1.2 SAML POST Simple Sign Binding style. > > Otherwise, I like 1.3 Backword Comaptible XRD. > > Related, but separet topic beside the format is whether to include SigAlg in a signed material. XML Sig calls for SigAlg to be included in the signed material citing weak algorithm attack. Then, there is an argument that while theoretically interesting, the real risk is very small. > > Please discuss on this as well. > > Actually, if we take 1.2 SAML Simple Sign Style, we can get SigAlg outside of XRD and still sign it, so it is quite nice.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]