[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] saving saml assertions
> > In other protocols, such as Liberty's ID-WSF protocols, > > assertions are delivered to web service consumers for > > later inclusion in messages to web services and as > > such are typically managed locally by the web > > service consumer. However, even there, artifact type > > objects may be used to pass along references to > > assertions rather than the assrtions themselves. > > What are the use cases associated with > > <saml2:AssertionIDRef> > <saml2:AssertionURIRef> Those are the kinds of things I referred to as "artifact type objects" above. They aren't full fledged SAML artifacts (which with 2.0 refer to SAML messages, not assertions), but act as a reference for a specific assertion. The WSS STP uses the AssertionURIRef to reference external SAML tokens in WS-Security headers. The primary use case for both is when you want to send an assertion by reference rather than by value and so the relying party goes to the IdP to retrieve the assertion directly. This can ease the requirements on security of the assertion since it won't go through a third parties hands on the way to the RP. Conor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]