Subject: AI 0229: Suggest support for passing SAML URI Reference to WSS
I had taken an action to verify that the WSS STP 1.1 draft supported SAML URI references, and, if not, what changes were needed.

Section 3.4 of WSS 1.1 STP (366-371) states:

[quote]
A reference to a SAML V2.0 assertion that is NOT contained in the same message MUST be a Direct or URI reference. In this case, the value of the URI attribute must conform to the URI syntax defined in section 3.7.5.1 of [SAMLBindV2]. That is, an HTTP or HTTPS request with a single query string parameter named ID. The reference MUST also contain a wsse11:TokenType attribute and the value of this attribute MUST be the value from Table 3 identifying the assertion as a SAML V2.0 security token. When a Direct reference is made to a SAML V2.0 Assertion, the Direct reference SHOULD NOT contain a ValueType attribute.
[\quote]

This is pretty much what was sought in the discussion: ability to transfer a reference in the form of:

    <wsse:SecurityTokenReference wsu:Id="abc"
        wsse:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
      <wsse:Reference URI="http://www.samlservice.org/getAssertion?ID=12haytd" />
    </wsse:SecurityTokenReference>
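A receiver-side check of the rules quoted above, as an added example that is not part of the original message or of any WSS implementation. The namespace URIs, the function names and the sample documents are assumptions made for the example; the samples declare the namespace bindings the message omits and carry TokenType under the wsse11 prefix, as the quoted text words it.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qsl

# Namespace URIs are assumptions: the message shows prefixes only.
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
SAML20 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"

def check_remote_saml_reference(str_xml):
    """Return the list of rule violations; an empty list means the reference conforms."""
    problems = []
    root = ET.fromstring(str_xml)
    if root.tag != f"{{{WSSE}}}SecurityTokenReference":
        return ["root element is not wsse:SecurityTokenReference"]
    # MUST: wsse11:TokenType identifies the assertion as a SAML V2.0 token
    if root.get(f"{{{WSSE11}}}TokenType") != SAML20:
        problems.append("wsse11:TokenType missing or not the SAML V2.0 value")
    ref = root.find(f"{{{WSSE}}}Reference")
    if ref is None:
        return problems + ["no wsse:Reference child"]
    # SHOULD NOT: ValueType on a Direct reference to a SAML V2.0 assertion
    if ref.get("ValueType") is not None:
        problems.append("ValueType present on Direct reference")
    # URI syntax: HTTP or HTTPS request with a single query parameter named ID
    uri = urlsplit(ref.get("URI", ""))
    if uri.scheme not in ("http", "https") or not uri.netloc:
        problems.append("URI is not an absolute HTTP or HTTPS URL")
    params = parse_qsl(uri.query, keep_blank_values=True)
    if len(params) != 1 or params[0][0] != "ID" or not params[0][1]:
        problems.append("query string must be exactly one parameter named ID")
    return problems

def make_str(uri, token_type=SAML20, extra=""):
    # Constructed sample modelled on the reference form shown in the message
    return (f'<wsse:SecurityTokenReference xmlns:wsse="{WSSE}" xmlns:wsse11="{WSSE11}" '
            f'wsse11:TokenType="{token_type}">'
            f'<wsse:Reference URI="{uri}" {extra}/></wsse:SecurityTokenReference>')

GOOD = make_str("http://www.samlservice.org/getAssertion?ID=12haytd")
BAD = make_str("ftp://www.samlservice.org/getAssertion?ID=1&amp;x=2", extra='ValueType="x"')

if __name__ == "__main__":
    print("conforming reference:", check_remote_saml_reference(GOOD))
    for problem in check_remote_saml_reference(BAD):
        print("violation:", problem)
```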