[mdx] on splitting the spec

Ian Young ian at iay.org.uk
Tue Oct 1 06:39:15 PDT 2013


On 1 Oct 2013, at 12:44, Rainer Hoerbe <rainer at hoerbe.at> wrote:

> On 01.10.2013 at 12:25, Ian Young <ian at IAY.ORG.UK> wrote:
> 
>> * The security considerations for SAML (which allows for XML DSIG-signed responses) are going to be different than for a metadata type which does not allow for signature but relies instead on TLS integrity guarantees.
> 
> Signatures allow more flexible and secure processing chains than the TLS point-to-point model. On the other hand, all the power of XML-DSig seems to be overly expensive if one just needs to sign a blob. Wouldn't it make sense to introduce some kind of CMS-signature, similar to SAML POST-SimpleSign Binding?

I'd be somewhat wary of doing new crypto work in this specification if we can avoid it. The SAML metadata spec defines a mechanism for in-document signature of SAML metadata using XML DSIG which is widely implemented; I think our assumption has been that this would be sufficient for users of the metadata query protocol with the other major alternative being integrity protection via TLS (although I have to say I'm not looking forward to writing about the trust implications of the latter).

If the SAML TC were to define an alternative mechanism for signing SAML metadata that was analogous to the simplesign POST binding then I'm sure we could consider it. That seems unlikely to happen, though, unless you want to bring it up on today's TC call.

Failing that, I'm personally wary but as always open to being convinced by a concrete proposal.

	-- Ian
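The "sign the blob" alternative that Rainer contrasts with XML DSIG and with TLS-only integrity, worked through as an added example that is not from this thread, the mdx draft or any SAML specification. It shows why a detached signature over the raw metadata bytes survives a processing chain (a cache or aggregator re-serving the document) while still letting the consumer check the publisher's signature, and why an altered copy fails. Ed25519 and the sample metadata document are assumptions of this example; the thread names no algorithm.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"log"
)

// sampleMetadata is a constructed, minimal stand-in for a SAML metadata
// document; it is not real entity metadata.
const sampleMetadata = `<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.org/idp"><md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/></md:EntityDescriptor>`

// SignedBlob is a metadata document plus a detached signature over its raw
// bytes. Signing the bytes as an opaque blob (the approach SAML's
// POST-SimpleSign binding takes for messages) sidesteps XML canonicalisation.
type SignedBlob struct {
	Metadata  []byte
	Signature []byte
}

// SignMetadata produces a detached signature over the exact bytes of the
// document. Ed25519 is an assumption made for this example.
func SignMetadata(priv ed25519.PrivateKey, metadata []byte) SignedBlob {
	return SignedBlob{
		Metadata:  append([]byte(nil), metadata...),
		Signature: ed25519.Sign(priv, metadata),
	}
}

// VerifyMetadata checks the publisher's signature; it succeeds only if the
// bytes are exactly what the publisher signed.
func VerifyMetadata(pub ed25519.PublicKey, blob SignedBlob) bool {
	return ed25519.Verify(pub, blob.Metadata, blob.Signature)
}

// Relay models an intermediary in a processing chain (a cache or aggregator)
// that re-serves the blob over its own transport. The consumer can still
// verify the publisher's signature end to end, which TLS alone cannot offer
// once the document has left the publisher's server.
func Relay(blob SignedBlob) SignedBlob {
	return SignedBlob{
		Metadata:  append([]byte(nil), blob.Metadata...),
		Signature: append([]byte(nil), blob.Signature...),
	}
}

// Alter models an intermediary that changes the document in transit; the
// detached signature no longer matches, so the consumer rejects the copy.
func Alter(blob SignedBlob) SignedBlob {
	out := Relay(blob)
	out.Metadata = bytes.Replace(out.Metadata,
		[]byte("idp.example.org"), []byte("idp.example.net"), 1)
	return out
}

// KeyFingerprint is the value a consumer pins out of band: the trust anchor
// that a TLS-only design would instead have to push into the transport layer.
func KeyFingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return base64.StdEncoding.EncodeToString(sum[:])
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		log.Fatal(err)
	}
	blob := SignMetadata(priv, []byte(sampleMetadata))
	fmt.Println("publisher key fingerprint:", KeyFingerprint(pub))
	fmt.Println("signature:", base64.StdEncoding.EncodeToString(blob.Signature))
	fmt.Println("direct fetch verifies:", VerifyMetadata(pub, blob))
	fmt.Println("via relay verifies:   ", VerifyMetadata(pub, Relay(blob)))
	fmt.Println("altered in transit:   ", VerifyMetadata(pub, Alter(blob)))
}
```

The consumer's trust decision collapses to one pinned key fingerprint regardless of how many hops served the document; with TLS-only integrity each hop's certificate would have to be trusted in turn, which is the trust-implication point Ian refers to.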


