Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

Deployers MUST use XML Encryption for encrypt assertions and MUST use AES GCM as the encryption algorithm.

SPs MAY use a single RSA key for both decryption and signing in the event that they have a signing key.

Deployers of IdPs MUST use separate encryption and signing keys (we are explicitly remaining silent on the question of SP key use (combined signing+encryption))if we end up requiring IdPs to decrypt, otherwise moot).