OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [saml-dev] SAML, trust and WS.


 


> > could be consumable at multiple destinations using different
> > subject confirmations (you can have more than one).
> 
> So what you are saying is we could have the Bearer 
> ConfirmationMethod for the local SP and a HolderofKey for the 
> remote WebService.
> Are you referring to the Recipient (or address) option (of
> SubjecConfirmationData) where we can specify the network for example.
> (Core page 19)

Both mechanisms are possible but note that you will probably need
some out-of-band understanding of what to do with the token at the
SP since the SP has to "know" what to do with the token when
it submits it to the web service (e.g. the SP could look at the
token and just see that it has a bearer confirmation and try
to use that when it should use the HoK and I don't think there's
a way to say in SAML that the SP should use one vs the other
confirmation method when using the token).

Liberty handles this by having a separate data element outside 
of the assertion that instructs the SP on what security mechanism
should be used when invoking the WS.

Conor


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]