Drummond Group's Knowledge Library

company

About Us Customer Endorsements Cross-industry Experience Global Testing Vendor Neutrality Certification Programs Value for Software Companies Management Careers Contact Us

services

Interop testing services Conformance testing Services Strategic services research

AS1 AS2 AS3 CPFR® ebXML CSOS Audit Certification

In the Queue for AS1 In the Queue for AS2 In the Queue for AS3 In the Queue for ebXML Liberty Alliance Rosettanet Standards Info Test Calendar

tests

Join DGI Tech Support InSitu AS2 Test Overview AS2 Optional Profiles Test Calendar FAQ On Testing Products List Glossary

standards

AS1 AS2

Filename Preservation Certificate Exchange Messaging Multiple Attachments AS2 Reliability

AS3 AS4 ebMS

Auto Retail XML Encryption

CPFR® CSOS GDSN ID-WSF SAML

events

Events

press

Press Releases Brochures Press Articles

research

DGI Update Reports Knowledge Library

contact >
home >
search >

company head

Drummond Group's Knowledge Library

Consensus Item Name: NameIDPolicy and ID Encryption

Test Event: SAML Interoperability Test Event 4Q07

Consensus Decision: If NameIDPolicy of AuthnRequest says ID is to be encrypted, it must be encrypted in the assertion and if NameIDPolicy of AuthnRequest does not state the ID is to be encrypted, the IDP MAY still encrypt the ID based on its policy, specifically its policy with the SP.

Background: During testing, a question arose on interpreting NameIDPolicy from [SAMLCore] in lines 2136-2142. The understanding was reached that if NameIDPolicy of AuthnRequest says ID is to be encrypted, it must be encrypted in the assertion and if NameIDPolicy of AuthnRequest does not state the ID is to be encrypted, the IDP MAY still encrypt the ID based on its policy, specifically its policy with the SP.

© 2008 Drummond Group, Inc.