Subject: RE: [saml-dev] SAML, trust and WS.
> SAML provides capability for SSO and Delegation (via specific elements
> in the assertion).

No. SAML provides a core spec that can do lots of things. SAML also includes a profile, supported by many products that does web SSO. That's it. There are no profiles for delegation, and so if you do it, you're on your own right now.

> SAML DOESN'T provide the capability (in a standard way - through
> profiles) for a SP to query or ask for one Assertion or the other. (The
> only assertion currently supported in the profiles is the SSO one.)

See above. Yes, you can request SSO. Since there are no profiles for delegation, there's no way to "ask" for that either.

> The important bit which I'm not too sure about is the following:
> the only difference between the two assertions is really the Subject
> confirmation bit (in the delegation case we need a holder of key or
> sender vouches).
> And the difference at the profile level is the capability to specify the
> assertion required.

The difference is also to define what's in the assertion in the first place. Yes, using holder of key is a logical way to do delegation, but it's probably not the only way, and there are certainly a lot of other details to it, potentially. The paper from Virginia for example bears little resemblance to mine.

> This might be too simplistic but, is this correct ? what are other
> things missing ?

I would say that it's all missing. If you want to do delegation *today*, and not be inventing stuff, you basically have Liberty WSF. That's it. Whether Liberty qualifies as a standard depends on your point of view, but it's certainly got more behind it than just an academic paper or my hand-waving.

-- Scott