mace-opensaml-users - RE: [OpenSAML] Testing SAML relying party browser post profile
Subject: OpenSAML user discussion
- From: "Pantvaidya, Vishwajit"
- Subject: RE: [OpenSAML] Testing SAML relying party browser post profile
- Date: Mon, 10 Nov 2008 17:45:16 -0800
Pantvaidya, Vishwajit wrote:
> Does the test IdP let me provide a secret key as well?

No, I don't think the TestShib IdP lets you provide a secret key. It's just storing the info you give it in public metadata, so that's counter to that approach. Actually, I don't believe there's any currently defined mechanism to represent symmetric keys in a ds:KeyInfo, which is used by SAML metadata.

[Pantvaidya, Vishwajit] So what you mean is that even with SAML2.0 there is no way to use secret keys?

…Re: encryption: When you do encryption in SAML, especially if the IdP and SP are exchanging info via SAML metadata, it is typical that you do actually encrypt the data with a randomly generated symmetric key. That symmetric data encryption key in turn is encrypted with the recipient's public key (e.g. obtained from metadata) and sent along with the encrypted data as an xenc:EncryptedKey element. Take a look at the XML…

[Pantvaidya, Vishwajit] Just to understand this, why not just encrypt with the public key? Does this provide any additional level of security (though I cannot imagine how).

- Vishwajit.