[OpenSAML] How to use OpenSAML and maintain FIPS 140-1 compliance?


Chris Fasbinder

Jun 23, 2011, 3:13:06 PM
to mace-open...@internet2.edu
I am working on a project where we are considering using OpenSAML. The
product we plan to update currently uses a third party cryptography module
that has been validated by NIST for FIPS 140-1 compliance. We would like to
continue to use that third party cryptography module for all cryptography to
not require our own validation by NIST, unless the cryptography module used by
OpenSAML has already been validated for FIPS 140-1 compliance. Since my company
discourages employees from viewing third party open source code, I would like
to know how I can plug in what cryptography module OpenSAML will use. The
third party cryptography module we currently use does provide a JSSE provider.

Thanks,
Chris Fasbinder

Cantor, Scott E.

Jun 23, 2011, 3:21:49 PM
to mace-open...@internet2.edu

JSSE is the SSL layer. The crypto in OpenSAML is JCE (and it's pluggable
via that mechanism).

The only place the SSL might come into play is the SOAP client code; Chad
or Brent could speak to that.

-- Scott

Christopher Fasbinder

Jun 23, 2011, 3:51:47 PM
to mace-open...@internet2.edu
Scott,
Yes, I used the wrong acronym; JCE is what I meant (I understand that is a big difference). We are not actually looking at using the OpenSAML library for any transport, so any SSL usage done by the library is not a concern to us. Good to know we are covered though and can still consider using OpenSAML.

Thanks,
Chris
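
The JCE pluggability discussed in this thread, as an added example that is not part of the original messages and is not OpenSAML code: it uses only the standard `java.security` and `javax.crypto` APIs to install a provider at the highest preference and then check which provider actually serves each algorithm, so a silent fallback to a non-validated provider is caught. The provider class name passed as the argument and the algorithm list are assumptions to be replaced with the values for your validated module and deployment.

```java
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.Mac;

public class JceProviderAudit {
    public static void main(String[] args) throws Exception {
        String expected = null;
        if (args.length == 1) {
            // Assumption: args[0] is the provider class name from the validated
            // module's documentation, and it has a public no-arg constructor.
            Provider p = (Provider) Class.forName(args[0])
                    .getDeclaredConstructor().newInstance();
            Security.insertProviderAt(p, 1); // position 1 = most preferred
            expected = p.getName();
        }

        // Illustrative algorithm list; replace with the ones your deployment uses.
        // Signature and Cipher can defer the final provider choice until init(),
        // so getProvider() here reports the first candidate in preference order.
        Map<String, Provider> resolved = new LinkedHashMap<>();
        resolved.put("Signature SHA256withRSA",
                Signature.getInstance("SHA256withRSA").getProvider());
        resolved.put("MessageDigest SHA-256",
                MessageDigest.getInstance("SHA-256").getProvider());
        resolved.put("Mac HmacSHA256",
                Mac.getInstance("HmacSHA256").getProvider());
        resolved.put("Cipher AES/CBC/PKCS5Padding",
                Cipher.getInstance("AES/CBC/PKCS5Padding").getProvider());
        resolved.put("KeyPairGenerator RSA",
                KeyPairGenerator.getInstance("RSA").getProvider());

        boolean ok = true;
        for (Map.Entry<String, Provider> e : resolved.entrySet()) {
            String name = e.getValue().getName();
            boolean match = expected == null || expected.equals(name);
            ok &= match;
            System.out.printf("%-30s -> %-12s %s%n", e.getKey(), name,
                    match ? "" : "NOT the expected provider");
        }
        // Non-zero exit lets a build or startup check fail closed.
        if (!ok) System.exit(1);
    }
}
```

Run without an argument, it only lists which of the JDK's default providers serves each algorithm.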