[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] SAML2.0 SSO & identity management
Hi Giuseppe,

It's a good idea to also check our errata document. Some questions you have might have been addressed by the TC in that document. Our plan is to update the specs with these corrections.

The SAML 2.0 errata document is at: sstc-saml-errata-2.0-draft-18.pdf. Item PE-6 states:

Description: When using the nameid-format:encrypted type of name identifier in SAML assertions and protocol messages, it is not possible to communicate the format of the unencrypted identifier as part of the assertion or message. This concept was derived from

Options: In [SAMLCore] append to paragraph ending on line 2139: "It is not possible for the service provider to specifically request that a particular kind of identifier be returned if it asks for encryption. The <md:NameIDFormat> metadata element (see [SAMLMeta]) or other out-of-band means MAY be used to determine what kind of identifier to encrypt and return."

Disposition: During the conference call of April 12 the TC accepted this option.

Rob Philpott

From: Conor P. Cahill [mailto:concahill@aol.com]

The thought behind encrypted was that the IdP would choose whether or not the ID is encrypted depending upon the channel through which the assertion was delivered to the consuming party. This came about because of one of
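An added illustration of the PE-6 disposition quoted above (not code from this thread, the TC, or any SAML implementation): an IdP that receives a NameIDPolicy asking for the encrypted format cannot learn from the request which kind of identifier to encrypt, so it consults the SP's <md:NameIDFormat> metadata instead. The metadata, the AuthnRequest, the entityID and the IdP's supported-format set are constructed samples.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
ENCRYPTED = "urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

# Constructed sample SP metadata; the entityID is a placeholder.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample AuthnRequest whose NameIDPolicy asks for an encrypted identifier.
AUTHN_REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_placeholder" Version="2.0" IssueInstant="2005-04-12T00:00:00Z">
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted"/>
</samlp:AuthnRequest>"""

def supported_formats(metadata_xml):
    """NameID formats the SP advertises, in the order it lists them."""
    root = ET.fromstring(metadata_xml)
    return [e.text.strip() for e in
            root.findall(".//md:SPSSODescriptor/md:NameIDFormat", NS)]

def requested_format(authn_request_xml):
    """Format attribute of the request's NameIDPolicy, or None if absent."""
    policy = ET.fromstring(authn_request_xml).find("samlp:NameIDPolicy", NS)
    return policy.get("Format") if policy is not None else None

def choose_nameid(authn_request_xml, metadata_xml, idp_formats):
    """Return (format of the identifier to issue, whether to wrap it in
    <saml:EncryptedID>). A request for nameid-format:encrypted cannot say
    which kind of identifier to encrypt, so the IdP falls back to the SP's
    <md:NameIDFormat> metadata, as errata item PE-6 allows."""
    fmt = requested_format(authn_request_xml)
    if fmt != ENCRYPTED:
        return fmt, False
    for candidate in supported_formats(metadata_xml):
        if candidate in idp_formats:
            return candidate, True
    return None, True  # no format agreed out of band: refuse rather than guess
```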