Omaerz: 5 revisions imported: Initial Upload of old pages from IDESG Wiki

2018-06-28T04:02:25Z

5 revisions imported: Initial Upload of old pages from IDESG Wiki

New page

'''Title''': Security and Privacy Considerations for the OASIS Security Assertion Markup Language (SAML) V2.0

 
'''Category''': Authentication Procotol Specification

 
'''Date''': 3/15/2005

 
'''Creator''': OASIS

 
'''URL''': http://docs.oasis-open.org/security/saml/v2.0/saml-sec-consider-2.0-os.pdf

 
'''Description''': Provides security and privacy considerations for users of SAML 2.0, including some specific implementation
requirements (such as mandatory cryptographic algorithms to be supported) but more extensive discussion
of threats and countermeasures to be considered when profiling SAML 2.0.

 
'''Privacy''': There is discussion of achieving privacy through confidentiality of the transaction and a discussion of
pseudonymity. Privacy protections implemented for PII at rest seems to be out of scope.

 
'''Security''': The threat analysis within explains design choices within SAML or informs the developers of SAML profiles.
The document requires SHA-1 with no mention of more robust hash algorithms (SHA-256 etc did not exist in
2005), requires Triple DES and suggests but does not mandate AES.

 
'''Interoperability''': The document specifies TLS cipher suites that are required to be supported.

 
'''Terms''':

[[Category:Standards]]
[[Category:Authentication]]

OASIS SAML Security and Privacy 2.0 - Revision history

Omaerz: 5 revisions imported: Initial Upload of old pages from IDESG Wiki