[Pgi-wg] OGF PGI - Security Strawman
Jens Jensen
j.jensen.ral at googlemail.com
Tue Mar 24 04:58:43 CDT 2009
2009/3/24 David Wallom <david.wallom at oerc.ox.ac.uk>:
> Looking through this though I would assert that the limitations to just long
> lived X509 seems not in keeping with for example the ongoing discussions
> about trusting Shibboleth generated certs etc??
That's how I read it at first but Etienne's writeup (if that's what
you're referring to) is restricted to proxies.
Clearly(?) a SLC is a PKC as well.
>
> I have just been speaking to the security person from our NREN who
> specifically mentioned that Shib tokens across national boundaries is
> becoming essential and will be subject to an IGTF type body pretty soon.
They are currently recommending using self signed certificates for the
SPs as trust anchors. I hear slightly different messages from within
the NREN in question but they are indicating that SAML assertions are
"moving to" being signed by such trust anchors. I think I referred to
it in an earlier mail to PGI-WG.
--jens
More information about the Pgi-wg
mailing list