OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: SAML, trust and WS.


Title: SAML, trust and WS.

Hi,
moving on Web service investigation and security I came across at the SAML token profile.
If I understood it right this Token is used as part of a WS-security message to authenticate (and possibly authorize) a user.

The use case I have seen is the following:

UserA gets a SAML assertion (related to himself).
Then includes the Assertion as a Token in the WS-se message to the Service A

The things are not fully clear are the following:

Where the user gets the Assertion from ? IDP ?  In the federated example/SSO it was clear what the relationship between user/SP/IDP was. with the Wsse I kind of don't get the full picture.

The Service somehow will have to trust the Asserting party even though in different trust domains ? Or this means that the user can only be authenticated in his trust domain ?

The SAML message will need to contain all the information necessary to the Service A to make the decision. I mean Service A don't need to go somewhere else to check that the assertion is valid as he has got all the info he requires. I guess it's here where subject confirmation might come in place ?

I hope the info in the question is clear enough, otherwise don't hesitate to ask for any farther details.

Thanks.
Giuseppe.



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]