projects / shibboleth / cpp-sp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Version bump
[shibboleth/cpp-sp.git] / configs / security-policy.xml
diff --git a/configs/security-policy.xml b/configs/security-policy.xml
index c0a5393..41b000b 100644 (file)
--- a/configs/security-policy.xml
+++ b/configs/security-policy.xml
@@ -1,36 +1,33 @@
-<SecurityPolicies xmlns="urn:mace:shibboleth:2.0:native:sp:config">\r
-\r
-    <!-- Each policy defines a set of rules to use to secure messages. -->\r
-\r
-    <!--\r
-    The predefined policy enforces replay/freshness, standard\r
-    condition processing, and permits signing and client TLS.\r
-    -->\r
-    <Policy id="default" validate="false">\r
-        <PolicyRule type="MessageFlow" checkReplay="true" expires="60"/>\r
-        <PolicyRule type="Conditions">\r
-            <PolicyRule type="Audience"/>\r
-            <!-- Enable Delegation rule to permit delegated access. -->\r
-            <!-- <PolicyRule type="Delegation"/> -->\r
-        </PolicyRule>\r
-        <PolicyRule type="ClientCertAuth" errorFatal="true"/>\r
-        <PolicyRule type="XMLSigning" errorFatal="true"/>\r
-        <PolicyRule type="SimpleSigning" errorFatal="true"/>\r
-    </Policy>\r
-\r
-    <!--\r
-    This policy is a place-holder for use of assertions in metadata\r
-    as a way of attaching signed information about particular IdPs.\r
-    -->\r
-    <Policy id="entity-attributes">\r
-        <PolicyRule type="Conditions"/>\r
-        <PolicyRule type="XMLSigning" errorFatal="true"/>\r
-    </Policy>\r
-    \r
-    <!-- Disables known weak algorithms. -->\r
-    <AlgorithmBlacklist>\r
-    http://www.w3.org/2001/04/xmldsig-more#md5\r
-    http://www.w3.org/2001/04/xmldsig-more#rsa-md5\r
-    </AlgorithmBlacklist>\r
-\r
-</SecurityPolicies>\r
+<SecurityPolicies xmlns="urn:mace:shibboleth:2.0:native:sp:config">
+
+    <!-- Each policy defines a set of rules to use to secure messages. -->
+
+    <!--
+    The predefined policy enforces replay/freshness, standard
+    condition processing, and permits signing and client TLS.
+    -->
+    <Policy id="default" validate="false">
+        <PolicyRule type="MessageFlow" checkReplay="true" expires="60"/>
+        <PolicyRule type="Conditions">
+            <PolicyRule type="Audience"/>
+            <!-- Enable Delegation rule to permit delegated access. -->
+            <!-- <PolicyRule type="Delegation"/> -->
+        </PolicyRule>
+        <PolicyRule type="ClientCertAuth" errorFatal="true"/>
+        <PolicyRule type="XMLSigning" errorFatal="true"/>
+        <PolicyRule type="SimpleSigning" errorFatal="true"/>
+    </Policy>
+
+    <!--
+    This policy is a place-holder for use of assertions in metadata
+    as a way of attaching signed information about particular IdPs.
+    -->
+    <Policy id="entity-attributes">
+        <PolicyRule type="Conditions"/>
+        <PolicyRule type="XMLSigning" errorFatal="true"/>
+    </Policy>
+    
+    <!-- Disables known weak algorithms. -->
+    <AlgorithmBlacklist includeDefaultBlacklist="true"/>
+
+</SecurityPolicies>
Unnamed repository; edit this file 'description' to name the repository.