OASIS Mailing List Archives

saml-dev message



Subject: [saml-dev] Introduction & Question about the "heaviness" of SAML


Hello, all.

I'm new to the list, and signed up to better understand SAML. I'm 
looking into it as a possible solution for an open source single sign-on 
platform, although it's going to be a bit of a battle to talk my 
co-developer into it since he's convinced SAML is too bloated and 
cumbersome. But, I'm trying to fully understand it so I can try to find 
ways to simplify the spec for our needs.

Currently my co-developer's idea for SSO is very simple (a bonus), but 
not easily interoperable with industry standards (IMO) and possibly not 
very resistant to forgery and other security hazards. I'd like to find a 
way to use his basic idea from within SAML so that we can easily build 
gateways to Liberty, Shibboleth, and other SAML-based systems. His idea 
is based off of a simple hash string, called a Ticket, that is passed to 
the requesting service by the user's identity host. This Ticket is used 
to identify the session the user has with the service, as well as tell 
the service that the identity host has validated the user.

I suppose I could start by asking a question based on his primary 
argument. I'm trying to read through the specification now, and I think 
it is true from what I've read, but would like to make sure from people 
who are very familiar with SAML.

Is the ability to store information in the assertion that allows the 
recipient to verify the validity of the assertion without a network 
connection, such as after the network connection is dropped, mandatory? 
Or is all of that information optional if our system will require a 
network connection to operate? Sorry if this is a bit vague, I'm 
stumbling into new territory here, and not entirely sure of the concepts 
yet.


