OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [security-services] Comments on WS-Security and Relationship toSAML 1.0 and SOAP Profile of SAML

>If there is sufficient interest at the SSTC, a WS-Security Profile for SAML
can be >developed by the OASIS SAML working group. This would
replace/augment the >current draft SOAP Profile of SAML. At first guess, it
should also be a shorter/simpler >task as we have the WS-Security foundation
to build on. 

I agree that a WS-Security Profile for SAML should be developed by 
OASIS SAML TC.
 
This work should be done by a web services binding group within
the SSTC, IMO.
 
 
>At first guess, it should also be a shorter/simpler task as we have the
WS-Security >foundation to build on. 
 
I think there are a couple of issues that we need to further analyze here:
 
1) Should SAML data model import/re-use wsse:UsernameToken and 
    wsse:BinarySecurityToken related constructs in the future or should such

    credential models remain out of context of SAML? Kerberos tickets and 
    other authentication models need to be factored in also.
 
2) How the incompletely defined Signed Security Token (in WS-Security v.
1.0) relates 
    to SAML v. 1.0 Assertions?
 
3) Since the top-level SOAP header extension: wsse:security is a container
for multiple
    types of security data, it seems like we should define a SAML container
component
    that can be carried within the wsse:security element. E.g., how about
something
    like <wsse:security> ...<saml:assertion>
...</saml:assertion>...</wsse:security>
 
4) The cryptographic binding approach(es) with SOAP messages in context of 
    the SOAP security header element, wsse:security, needs to be decided.
 
5) How future WS-Federation and WS-Authoirzation specifications (discussed
in the
    WS-Security Roadmap document) will relate to SAML 1.0 (and XACL)?
 
 
 
----Zahid
   
 
 
 
 
 
 

-----Original Message-----
From: Mishra, Prateek [mailto:pmishra@netegrity.com]
Sent: Wednesday, April 24, 2002 10:41 AM
To: 'security-services@lists.oasis-open.org'
Subject: [security-services] Comments on WS-Security and Relationship to
SAML 1.0 and SOAP Pro file of SAML

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC