[OpenID] Infocards [SAML Token] Vs OpenID Infocards[OpenID Token]
Peter Williams
pwilliams at rapattoni.com
Wed Dec 19 23:19:01 UTC 2007
"Identity tokens sent to you will be encrypted under the same key your system uses for https. If people need help with this, let"
So, there are two levels of encryption: channel protections between the PC's CardSpace thread and the RP site (https), and then some repurposing of the RP's SSL cert from some kind of proprietary (non-SAML standardized) end-end encryption (message layer).
And if my hardware cryptomodule doesn't allow using SSL certs for other than the SSL purposes (key exchange)!?
Any recollection what was the standard used for end-end token encryption? CMS? PKCS7 sealing?
________________________________
From: general-bounces at openid.net on behalf of Johnny Bufu
Sent: Wed 12/19/2007 2:51 PM
To: =JeffH
Cc: general at openid.net
Subject: Re: [OpenID] Infocards [SAML Token] Vs OpenID Infocards[OpenID Token]
On 19-Dec-07, at 2:33 PM, =JeffH wrote:
>> (to which I would add no
>> infocard crypto requirements - the OpenID Infocard token is posted in
>> clear text to the RP).
>
> huh? what crypto requirements?
The one Kim Cameron mentions here:
http://www.identityblog.com/?p=430
The links in the blog post are broken now; he used to have nice step-by-step
examples for how to decrypt the encrypted SAML token.
>> ..cannot be accomplished with the current Infocard + SAML
>> specification..
>
> which specific "Infocard + SAML specification" are you referring
> to? url?
http://download.microsoft.com/download/1/1/a/11ac6505-e4c0-4e05-987c-6f1d31855cd2/Identity-Selector-Interop-Profile-v1.pdf
Johnny