OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: fyi: draft-hodges-saml-binding-no-xmldsig-00

Hi, Scott Cantor and I have concocted the attached new draft SAML binding. The 
central thesis is that for various implementation and deployment scenarios, 
reliance upon XMLdsig is an inhibitor. So this new binding, which we've 
tentatively entitled "", is an answer. It is HTTP POST-based, with an 
_optional_ signature mechanism. The signature is over the entire conveyed SAML 
message "blob" and any RelayState (and SigAlg ;).

Portions of the spec remaining to be fixed up are noted with Maleresque 
"@@TODO" tags.

Comments appreciated.

thanks,

JeffH & Scott

draft-hodges-saml-binding-no-xmldsig-00.pdf

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]