Subject: Re: [security-services] Using SAML Artifacts in the WSS SAML TokenProfile
Scott Cantor wrote:

>> So, I'm looking at the latest SAML Token Profile document for
>> the WSS and thought it worth mentioning that we consider
>> documenting how one would use a SAML artifact as a bearer token.
>
> An issue to profile around is that artifacts in 2.0 were defined to be
> protocol messages, not assertions. In this case, a samlp:Response,
> presumably.
>
> In a sense, this resembles the third-party AuthnRequest use case. You've got
> a client (of whatever sort) who wants an assertion to give to a WSP, and
> you're proposing this be done by artifact. In essence then, the client is
> sending a request to the SAML authority for the token on behalf of the WSP,
> but getting back the artifact representing the samlp:Response which the WSP
> can be given to dereference.

If you want to be able to use artifacts to secure SOAP messages, then to be compatible with the WSS reference forms, it would seem that the artifact, which I would view as a token reference, should be encapsulated in an STR, as WSS differentiates references to tokens from tokens.

If this makes sense to others, we could add this ability to the STP. Of course, if the client can transform the artifact into an assertion ID, or a URI query, the existing STP could accommodate the exchange of the reference.

Ron