[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] FW: Help with what standards support these WebServices calls?
Well, thanks Hal and Scott for these comments and the others preceding them. Let us go away and mull over your responses and come back once we have cleared up our own 'fud'. Cheers Colin -----Original Message----- From: Cantor, Scott E. [mailto:cantor.2@osu.edu] Sent: Wednesday, 23 February 2011 12:13 p.m. To: Hal Lockhart; Colin Wallis; saml-dev@lists.oasis-open.org; colin_wallis@hotmail.com Subject: RE: [saml-dev] FW: Help with what standards support these Web Services calls? > As someone else noted, WS-Trust could also be used for steps 1 & 2. The > main advantage in using WS-Trust vs.. SAML Authn Req is that WS-Trust has a > mechanism for conveying a key back to the requestor (corresponding to the > key in the Token) which can then be used for message protection and to bind > the SAML Assertion to the message contents, assuming Agency 1 & Agency 2 > have the necessary cryptographic capabilities. With SAML Authn Req, Holder > of Key Subject confirmation cannot be used unless some other means of key > distribution is provided. Anything you can do with WS-Trust, you can do with SAML. I'd go so far as to say the interoperability is about as likely too (if not higher). In this specific case, using an attribute is a trivial way to communicate a key back. -- Scott ==== CAUTION: This email message and any attachments contain information that may be confidential and may be LEGALLY PRIVILEGED. If you are not the intended recipient, any use, disclosure or copying of this message or attachments is strictly prohibited. If you have received this email message in error please notify us immediately and erase all copies of the message and attachments. Thank you. ====
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]