[mdx] on splitting the spec

Rainer Hoerbe rainer at hoerbe.at
Tue Oct 1 04:44:38 PDT 2013


On 01.10.2013 at 12:25, Ian Young <ian at IAY.ORG.UK> wrote:

> * The security considerations for SAML (which allows for XML DSIG-signed responses) are going to be different than for a metadata type which does not allow for signature but relies instead on TLS integrity guarantees.

Signatures allow more flexible and secure processing chains than the TLS point-to-point model. On the other hand, all the power of XML-DSig seems to be overly expensive if one just needs to sign a blob. Wouldn't it make sense to introduce some kind of CMS-signature, similar to SAML POST-SimpleSign Binding?

- Rainer
