[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] some changes in requirements draft 3
We had this issue in WS-Security, we did not want to have to have the extra baggage of SAML just to do a assertion (when the requestor or recipient did not support SAML), so we defined a basic element that allowed one to assert a name and then we allowed for additional profiles that could use SAML, Kerberos, X509, XrML, etc to provide an assertion <wsse:UsernameToken wsu:Id="..."> <wsse:Username>...</wsse:Username> </wsse:UsernameToken> There are quite a few assertions that exist today in legacy systems, such as Kerberos, one should also be able to use these, especially since symmetric keys can be used for signing. Anthony Nadalin | work 512.436.9568 | cell 512.289.4122 |---------+----------------------------> | | Trevor Perrin | | | <trevp@trevp.net>| | | | | | 04/10/2003 12:33 | | | AM | |---------+----------------------------> >------------------------------------------------------------------------------------------------------------------------------------------------| | | | To: Anthony Nadalin/Austin/IBM@IBMUS, dss@lists.oasis-open.org | | cc: | | Subject: RE: [dss] some changes in requirements draft 3 | >------------------------------------------------------------------------------------------------------------------------------------------------| At 10:44 PM 4/9/2003 -0500, Anthony Nadalin wrote: >Why is this limited to SAML as SAML is not the only assertions we have to >deal with, this needs to be generalized Hi Anthony, I don't understand your question. What other assertions are you talking about? What exactly needs to be generalized? Trevor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]