[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [saml-dev] Introduction & Question about the "heaviness" of SAML
> You mention that I should try and create a new SAML profile to do the > type of thing that we want to do with Tickets. That is, merely specify a > "key" that the SAML consumer uses to access information in the user's > account with their SAML producer. The SAML profile could also contain > information to help with using this key, such as the IP address of the > user. Is this correct? It's probably fair to say that (from the little you've described) it might be a new profile. What the profile would look like and which features of the SAML spec you'd want to use is a little hard to say without more information, but you might want to look at the work being done in the WS-Security profile wrt attaching SAML assertions to SOAP messages. It might (or might not) be relevant. The profile would describe what gets passed to whom, what the security attacks are, and what the countermeasures are (address checks, time limits, audience/recipient checking, digitial signatures, SSL, etc.) -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC