
shibboleth-dev - Re: Encryption key strategies

Subject: Shibboleth Developers


Re: Encryption key strategies


  • From: Chad La Joie <>
  • To:
  • Subject: Re: Encryption key strategies
  • Date: Thu, 22 Jun 2006 09:14:00 -0400

You should probably take a look at the SAML 2 Core spec for a more in-depth description of encryption and its usages, but I'll try to give general answers to your questions.

Reimer Karlsen-Masur, DFN-CERT wrote:
> Hi.
>
> I was looking for some mail thread on this list to connect your email's topic
> to to understand your issue...but could not find any...
>
> So please let me ask some beginner's questions:
>
> What data do you want to encrypt?

Probably the most immediate thing that comes to people's mind is attributes, though, in theory, you can encrypt assertions, NameIDs and other things too.

> Between which parties is this data shared?

The IdP and SP, but there may be intermediary systems between them and you may not want those systems reading stuff about your user.

> Who is the sender, who is the receiving end?

Both the IdP and SP can send and receive encrypted data.

> Is there always a https tunnel with (strong) encryption between these
> parties anyway?

Nope, not in the case where there are intermediate systems between the IdP and SP.

--
Chad La Joie 2052-C Harris Bldg
OIS-Middleware 202.687.0124


