-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>> The SAML signature mechanism is ancillary to the security approach
>> that we're using for this. I think a lot of us would like to not
>> even support signatures in this SAML binding because we believe
>> that the hop-by-hop integrity is sufficient and because those
>> signatures will create interoperability problems.
>
> Is there text somewhere that argues that hop-by-hop integrity is
> enough for abfab? Is that for all use-cases or just some?

With chair hat off:
I'm a bit worried about out-of-band attribute-authorities
here. In-band hop-by-hop _may_ be good enough when all of the
attributes come from the IdP.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iEYEARECAAYFAlBynscACgkQ8Jx8FtbMZnfHPACggEqHgLZW+edwUUWFuEhSntFf
l+0An1pO5AIQa+cj3RtW7m/llwsnoKBX
=wd5x
-----END PGP SIGNATURE-----
_______________________________________________
abfab mailing list
https://www.ietf.org/mailman/listinfo/abfab