
shibboleth-dev - Re: Attribute Queries in Shib 2





  • From: Ian Young <>
  • Subject: Re: Attribute Queries in Shib 2
  • Date: Mon, 09 Jul 2007 14:51:48 +0100
  • Openpgp: id=EA2882BB

Tom Scavo wrote:

> On 7/9/07, Ian Young <> wrote:
>>
>> I'd be a little concerned by a default configuration that sent
>> unencrypted attributes through the front channel.
>
> What attributes are you concerned about?

Anything that might leak out in transit to a party not entitled to see
it. Personal data, certainly; anything I can't guarantee is safe to be
sent in the clear, in general.

> If the name identifier is
> opaque (transient or persistent) and the attributes are non-identity
> attributes (affiliations and/or entitlements), there shouldn't be a
> problem, right?

True, but irrelevant.

If you're talking about a default configuration that will be applied for
all Shibboleth 2.0 installations, I don't think you can make assumptions
about the kind of data being sent between the IdP and SP.

Most deployers won't ever change the default configuration, so (in my
opinion) it has to be secure under any assumptions about the attributes
used, not just convenient assumptions.

-- Ian


