Skip to Content.
Sympa Menu

mace-opensaml-users - Re: [OpenSAML] How to use OpenSAML and maintain FIPS 140-1 compliance?

Subject: OpenSAML user discussion

List archive

Re: [OpenSAML] How to use OpenSAML and maintain FIPS 140-1 compliance?


Chronological Thread 
  • From: Christopher Fasbinder <>
  • To:
  • Subject: Re: [OpenSAML] How to use OpenSAML and maintain FIPS 140-1 compliance?
  • Date: Thu, 23 Jun 2011 15:51:47 -0400

Scott,
        Yes, I used the wrong acronym JCE is what I meant (I understand that is a big difference).  We are not actually looking at using OpenSAML library for any transport so any SSL usage done by the library is not a concern to us.  Good to know we are covered though and can still consider using OpenSAML.

Thanks,
Chris



From:        "Cantor, Scott E." <>
To:        "" <>
Date:        06/23/2011 03:25 PM
Subject:        Re: [OpenSAML] How to use OpenSAML and maintain FIPS 140-1 compliance?
Sent by:        




On 6/23/11 3:13 PM, "Chris Fasbinder" <> wrote:

>I am working on a project where we are considering using OpenSAML.  The
>product we plan to update currently uses a third party cryptography module
>that has been validated by NIST for FIPS 140-1 compliance.  We would like
>to
>continue to use that third party cryptography module for all cryptography
>to
>not require our own validation by NIST, unless the cryptography module
>used by
>OpenSAML has already by validated for FIPS 140-1 compliance.  Since my
>company
>discourages employees from viewing third party open source code, I would
>like
>to know how I can plug-in what cryptography module OpenSAML will use.  The
>third party cryptography module we currently use does provide a JSSE
>provider.

JSSE is the SSL layer. The crypto in OpenSAML is JCE (and it's pluggable
via that mechanism).

The only place the SSL might come into play is the SOAP client code, Chad
or Brent could speak to that.

-- Scott





Archive powered by MHonArc 2.6.16.

Top of Page