[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [security-services] Comments on WS-Security and Relationship toSAML 1.0 and SOAP Profile of SAML
>If there is sufficient interest at the SSTC, a WS-Security Profile for SAML can be >developed by the OASIS SAML working group. This would replace/augment the >current draft SOAP Profile of SAML. At first guess, it should also be a shorter/simpler >task as we have the WS-Security foundation to build on. I agree that a WS-Security Profile for SAML should be developed by OASIS SAML TC. This work should be done by a web services binding group within the SSTC, IMO. >At first guess, it should also be a shorter/simpler task as we have the WS-Security >foundation to build on. I think there are a couple of issues that we need to further analyze here: 1) Should SAML data model import/re-use wsse:UsernameToken and wsse:BinarySecurityToken related constructs in the future or should such credential models remain out of context of SAML? Kerberos tickets and other authentication models need to be factored in also. 2) How the incompletely defined Signed Security Token (in WS-Security v. 1.0) relates to SAML v. 1.0 Assertions? 3) Since the top-level SOAP header extension: wsse:security is a container for multiple types of security data, it seems like we should define a SAML container component that can be carried within the wsse:security element. E.g., how about something like <wsse:security> ...<saml:assertion> ...</saml:assertion>...</wsse:security> 4) The cryptographic binding approach(es) with SOAP messages in context of the SOAP security header element, wsse:security, needs to be decided. 5) How future WS-Federation and WS-Authoirzation specifications (discussed in the WS-Security Roadmap document) will relate to SAML 1.0 (and XACL)? ----Zahid -----Original Message----- From: Mishra, Prateek [mailto:pmishra@netegrity.com] Sent: Wednesday, April 24, 2002 10:41 AM To: 'security-services@lists.oasis-open.org' Subject: [security-services] Comments on WS-Security and Relationship to SAML 1.0 and SOAP Pro file of SAML
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC