Relying Party Encryption Conditional?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Relying Party Encryption Conditional?

Paul Hethmon
Relying Party Encryption Conditional? What controls whether nameID’s or assertions are encrypted for a relying party if the ProfileConfiguration attribute is set to “conditional”?

I would think it would be controlled by the RP metadata, but I can’t seem to find an attribute or element in the spec to control it.

Thanks,

Paul


-----
Paul Hethmon
Chief Software Architect
Clareity Security, LLC
865.824.1350 - office
865.250.3517 - mobile
www.clareitysecurity.com
-----

Give a man a fire and he's warm for the day. But set fire to him and he's warm for the rest of his life.

 -- Terry Pratchett, Discworld

Reply | Threaded
Open this post in threaded view
|

RE: Relying Party Encryption Conditional?

Cantor, Scott E.
Paul Hethmon wrote on 2009-01-21:
> What controls whether nameID's or assertions are encrypted for a relying
> party if the ProfileConfiguration attribute is set to "conditional"?

Whether the binding provides confidentiality on its own.

> I would think it would be controlled by the RP metadata, but I can't seem
to
> find an attribute or element in the spec to control it.

There's no metadata related to use of encryption (other than the key(s)).

-- Scott