  1. Identity Provider
  2. IDP-1526

Changes to profile and algorithm defaults

    Details

      Description

      We plan to make several adjustments to the default profiles and security mechanisms used for new installs. These will not impact upgrades when done in accordance with the documentation.

      The three widely agreed changes included:

      • disable SAML 1 by default
      • disable attribute queries by default
      • removing default support for use of PKIX at runtime

      The tentatively agreed change is to switch the default XML encryption algorithm to AES-GCM. This is more open to discussion because it guarantees some effort by deployers to override that default for a variety of services, likely permanently.

            People

            Assignee:
            tzeller@shibboleth.net Tom Zeller
            Reporter:
            cantor.2@osu.edu Scott Cantor
                Time Tracking

                Logged:
                Time Spent - 15 minutes