
security-services message



Subject: AI 0229: Suggest support for passing SAML URI Reference to WSS


I had taken an action to verify that the WSS STP 1.1 draft supported 
SAML URI references, and, if not, what changes were needed.

Section 3.4 of WSS 1.1 STP (366-371) states:

[quote]
A reference to a SAML V2.0 assertion that is NOT contained in the same
message MUST be a Direct or URI reference. In this case, the value of
the URI attribute must conform to the URI syntax defined in section
3.7.5.1 of [SAMLBindV2]. That is, an HTTP or HTTPS request with a single
query string parameter named ID. The reference MUST also contain a
wsse11:TokenType attribute and the value of this attribute MUST be the
value from Table 3 identifying the assertion as a SAML V2.0 security
token. When a Direct reference is made to a SAML V2.0 Assertion, the
Direct reference SHOULD NOT contain a ValueType attribute.
[\quote]

This is pretty much what was sought in the discussion: ability to 
transfer a reference in the form of:

<wsse:SecurityTokenReference wsu:Id="abc"
     wsse:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0">
     <wsse:Reference URI="http://www.samlservice.org/getAssertion?ID=12haytd" />
</wsse:SecurityTokenReference>
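
The rules in the Section 3.4 text quoted above, written as a receiver-side check to run before the URI is dereferenced. This is an added example, not part of the original message or of the WSS profile. The function names, the allowed_hosts parameter (a host allowlist, which the quoted text does not require) and the sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qsl

# Namespace URIs of the WSS 1.0 and 1.1 secext schemas.
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
# TokenType value for a SAML V2.0 assertion, as used in the message above.
SAML20 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"


def check_saml_uri_reference(str_xml, allowed_hosts=None):
    """Return the violations of the quoted Section 3.4 rules (empty list = OK)."""
    problems = []
    str_el = ET.fromstring(str_xml)
    if str_el.tag != f"{{{WSSE}}}SecurityTokenReference":
        return ["root element is not wsse:SecurityTokenReference"]
    if str_el.get(f"{{{WSSE11}}}TokenType") != SAML20:
        problems.append("wsse11:TokenType missing or not the SAML V2.0 value")
    ref = str_el.find(f"{{{WSSE}}}Reference")
    if ref is None:
        return problems + ["no wsse:Reference child"]
    if ref.get("ValueType") is not None:
        problems.append("Direct reference carries ValueType (SHOULD NOT)")
    url = urlsplit(ref.get("URI", ""))
    if url.scheme not in ("http", "https") or not url.hostname:
        problems.append("URI is not an absolute HTTP or HTTPS URL")
    params = parse_qsl(url.query, keep_blank_values=True)
    if len(params) != 1 or params[0][0] != "ID" or not params[0][1]:
        problems.append("query string is not a single ID parameter")
    # Assumption beyond the quoted text: only fetch from hosts the receiver trusts.
    if allowed_hosts is not None and url.hostname not in allowed_hosts:
        problems.append("host not in the receiver's allowlist")
    return problems


def sample(attrs, uri, ref_attrs=""):
    """Build a constructed SecurityTokenReference for the demo below."""
    return (f'<wsse:SecurityTokenReference xmlns:wsse="{WSSE}" xmlns:wsse11="{WSSE11}" {attrs}>'
            f'<wsse:Reference URI="{uri}" {ref_attrs}/></wsse:SecurityTokenReference>')


# Constructed samples: one conforming reference, one breaking three rules.
GOOD = sample(f'wsse11:TokenType="{SAML20}"', "http://www.samlservice.org/getAssertion?ID=12haytd")
BAD = sample("", "http://www.samlservice.org/getAssertion?ID=1&amp;debug=1", 'ValueType="x"')

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_saml_uri_reference(doc) or "conforms")
```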


