Subject: RE: [security-services] SAML Browser Profiles Metadata
Thanks,
Jahan
----------------
Jahan Moreh
Chief Security Architect
310.286.3070
-----Original Message-----
From: Jahan Moreh [mailto:jmoreh@sigaba.com]
Sent: Wednesday, April 23, 2003 6:02 PM
To: SAML
Subject: [security-services] SAML Browser Profiles Metadata

Colleagues -

As promised, I have published draft 02 of SAML Browser Profiles Metadata. This draft heavily borrows from Liberty 1.2 metadata spec, draft 1.0-06. The documents are in Kavi and available for review. Please see http://www.oasis-open.org/apps/org/workgroup/security/download.php/1734/draft-sstc-saml-meta-data-02.pdf (an MS Word version is also available). I have also uploaded the schema document that appears in section 3 of this document as an xsd file (see http://www.oasis-open.org/apps/org/workgroup/security/download.php/1736/draft-sstc-schema-meta-data-02.xsd.xml).

Below I attempt to answer some questions that may come up:

Where is Source ID for Artifact source?
Per Liberty specifications, the source ID is a SHA-1 hash of the provider ID, which is a required attribute of the source.

Where is the designation for Issuer?
The issuer of a SAML assertion MUST have the same value of the provider ID.

Why would a destination (Service Provider) that supports both browser profiles have to provide two descriptors?
This is required to avoid designating a new element "ArtifactReceiverURL". I.e., we have overloaded AssertionConsumerURL for both browser profiles.

Where is the designation for NameIdentifierFormat?
It is not explicitly designated. It can be specified in the catch-all "Extension" element.

What happened to the various trust models?
In the interest of time I have not specified trust models. Given the practical experience with two interops, it appears that exchanging SSL certificates (both client and server) is the de facto trust model.

Thanks,
Jahan
----------------
Jahan Moreh
Chief Security Architect
310.286.3070
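
Added example, not part of the original message or of the draft: how a destination site can map the SourceID in a received artifact back to a provider ID from its metadata, using the SHA-1 rule described above, and refuse artifacts from sources it does not know. It assumes the SAML 1.x type 0x0001 artifact layout (2-byte TypeCode, 20-byte SourceID, 20-byte AssertionHandle, base64-encoded); the function names, provider IDs and handle are constructed for illustration.

```python
import base64
import hashlib

TYPE_CODE = b"\x00\x01"      # SAML 1.x artifact type 0x0001
ARTIFACT_LEN = 2 + 20 + 20   # TypeCode + SourceID + AssertionHandle


def source_id(provider_id: str) -> bytes:
    """SourceID as described in the message: SHA-1 of the provider ID."""
    return hashlib.sha1(provider_id.encode("utf-8")).digest()


def build_artifact(provider_id: str, handle: bytes) -> str:
    """Source-site side: assemble and base64-encode a type 0x0001 artifact."""
    if len(handle) != 20:
        raise ValueError("AssertionHandle must be 20 bytes")
    raw = TYPE_CODE + source_id(provider_id) + handle
    return base64.b64encode(raw).decode("ascii")


def resolve_source(artifact_b64: str, known_providers) -> str:
    """Destination side: return the provider ID matching the SourceID.

    Raises ValueError for malformed artifacts and for SourceIDs that match
    no provider in metadata, so the destination never sends a request to a
    site it has no metadata (and no trust relationship) for.
    """
    try:
        raw = base64.b64decode(artifact_b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("artifact is not valid base64") from exc
    if len(raw) != ARTIFACT_LEN or raw[:2] != TYPE_CODE:
        raise ValueError("not a type 0x0001 artifact")
    sid = raw[2:22]
    for provider_id in known_providers:
        if source_id(provider_id) == sid:
            return provider_id
    raise ValueError("SourceID matches no provider in metadata")


# Constructed sample data: hypothetical provider IDs and a fixed handle.
# A real source site would use a random 20-byte AssertionHandle.
PROVIDERS = ["https://idp.example.org/saml", "https://idp2.example.net/saml"]
SAMPLE = build_artifact(PROVIDERS[1], bytes(range(20)))

if __name__ == "__main__":
    print(resolve_source(SAMPLE, PROVIDERS))
```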