Subject: RE: Minutes of 15 May 2001 Security Services TC/Focus telecon
FYI, Robert Griffen has already cleared up this issue - no need to respond to my previous email. Just wanted to share another tidbit - we already have a non-goal:

"SAML does not define a data format for encrypting assertions or messages independent of binding protocol. However, this non-goal will be revisited in a future version of the SAML spec after XML Encryption is published."

So I think we're going to end up being pretty explicit in this area :~).

Regards,

Darren

> -----Original Message-----
> From: Platt, Darren [mailto:dplatt@securant.com]
> Sent: Friday, May 18, 2001 12:48 PM
> To: 'Eve L. Maler'; security-services@lists.oasis-open.org
> Subject: RE: Minutes of 15 May 2001 Security Services TC/Focus telecon
>
> I would like to include such a requirement, but we already have these ...
>
> · [R-Signature] SAML assertions and messages should be authenticatable.
> · [R-Confidentiality] SAML data should be protected from observation
>   by third parties or untrusted intermediaries.
> · [R-BindingConfidentiality] Bindings SHOULD (in the RFC sense)
>   provide a means to protect SAML data from observation by third
>   parties. Each protocol binding must include a description of how
>   applications can make use of this protection. Examples: S/MIME for
>   MIME, HTTP/S for HTTP.
>
> ... and I'm not sure how a new one would fit in. I think we might be
> covered already by [R-Confidentiality]. We went over this issue a few
> times in the requirements working group, and this is the best text we
> could come up with. Would someone like to propose something else?
> Perhaps the person from the call who had the issue (I don't know who
> that is)?
>
> Thanks,
>
> Darren
>
> > -----Original Message-----
> > From: Eve L. Maler [mailto:eve.maler@east.sun.com]
> > Sent: Friday, May 18, 2001 11:59 AM
> > To: security-services@lists.oasis-open.org
> > Subject: RE: Minutes of 15 May 2001 Security Services TC/Focus telecon
> >
> > At 10:56 AM 5/18/01 -0700, Platt, Darren wrote:
> > >I have an action in here that I don't understand - I can't find what it
> > >refers to in my notes. Does anybody know what requirement this refers to:
> > >
> > > > NEW ACTION: Darren to add this requirement to requirements doc.
> >
> > Sorry! Those pesky indexicals again. :-) I pulled all the actions out of
> > the main text. I think this was referring to the signature/encryption
> > optionality.
> >
> > Eve
> > --
> > Eve Maler                                    +1 781 442 3190
> > Sun Microsystems XML Technology Development  eve.maler @ east.sun.com