security-services message



Subject: RE: [security-services] SAML Single Sign-On (SSO) Service for Google Apps


Well, I'm thinking we don't need to get too worried about the IdP aspects of the Google demo. The product they're offering supports SP functionality only; the demo uses what I assume is a quick and dirty mock-up of what a partner's IdP would do, just so they can show how it all works.

If, however, there are deficiencies in their SP implementation's behavior (as it seems there are), that should be cause for concern. I'm sure Google would welcome some polite engagement from us and/or the Liberty Alliance conformance program before they end up with interop problems in production.

::Ari


> -----Original Message-----
> From: Brian Campbell [mailto:bcampbell@pingidentity.com]
> Sent: Tuesday, February 27, 2007 4:17 PM
> To: security-services@lists.oasis-open.org
> Subject: RE: [security-services] SAML Single Sign-On (SSO) Service for
> Google Apps
> 
> 
> Over the weekend on the saml-dev list Scott noted a number of things
> that are not to spec in their static demo - missing audience condition,
> missing subject confirmation data, missing destination attribute, and
> the misuse of the ProtocolBinding attribute.  I downloaded their open
> source code examples to take a closer look at them and it has all the
> same issues.  And I noticed a few more while I was looking - the
> AuthnRequest is missing the required Issuer element, Issuer is missing
> in the Response (required if signed) and it looks like they are using
> the wrong type of compression for redirect.
> 
> What are people's thoughts about what, if anything, should be done by
> the TC to 'police' implementations of the specification?
> 
> > -----Original Message-----
> > From: Prateek Mishra [mailto:prateek.mishra@oracle.com]
> > Sent: Monday, February 26, 2007 8:26 PM
> > To: security-services@lists.oasis-open.org
> > Subject: [security-services] SAML Single Sign-On (SSO) Service for
> > Google Apps
> > 
> > Google Apps offers a SAML-based Single Sign-On (SSO) service that
> > provides partner companies with full control over the authorization
> > and authentication of hosted user accounts that can access web-based
> > applications like Gmail or Google Calendar. Using the SAML model,
> > Google acts as the *service provider* and provides services such
> > as Gmail and Partner Start Pages (PSP). Google partners act as
> > *identity providers* and control usernames, passwords and other
> > information used to identify, authenticate and authorize users for
> > web applications that Google hosts.
> > 
> > http://code.google.com/apis/apps/sso/saml_reference_implementation.html
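The conformance points Brian lists in the quoted message, turned into a small checker. This is an added example, not code from the thread and not Google's reference implementation: it uses only the Python standard library, and the Response, AuthnRequest, hostnames (idp.example.com, sp.example.com) and the PLACEHOLDER signature value are constructed samples. The thread does not say which wrong compression the demo used or how ProtocolBinding was misused; the checker treats zlib-wrapped output (RFC 1950) as the mistake, since the HTTP-Redirect binding requires raw DEFLATE (RFC 1951), and flags a ProtocolBinding value that is not one of the SAML 2.0 binding URIs.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

# Namespaces and binding URIs as defined in SAML 2.0 Core / Bindings.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
KNOWN_BINDINGS = {
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
}

def lint_response(xml_text):
    """Flag the Response/Assertion omissions listed in the thread; [] when clean."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not samlp:Response"]
    problems = []
    # Web Browser SSO profile: a signed Response MUST carry an Issuer.
    if root.find("ds:Signature", NS) is not None and root.find("saml:Issuer", NS) is None:
        problems.append("Response is signed but has no Issuer")
    if not root.get("Destination"):
        problems.append("Response has no Destination attribute")
    for a in root.findall("saml:Assertion", NS):
        if a.find("saml:Issuer", NS) is None:
            problems.append("Assertion has no Issuer")
        if a.find("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS) is None:
            problems.append("Assertion has no Audience condition")
        if a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS) is None:
            problems.append("Assertion has no SubjectConfirmationData")
    return problems

def lint_authn_request(xml_text):
    """Flag a missing Issuer and a ProtocolBinding that is not a binding URI."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        return ["root element is not samlp:AuthnRequest"]
    problems = []
    if root.find("saml:Issuer", NS) is None:
        problems.append("AuthnRequest has no Issuer")
    binding = root.get("ProtocolBinding")
    if binding is not None and binding not in KNOWN_BINDINGS:
        problems.append("ProtocolBinding is not a SAML binding URI: " + binding)
    return problems

def deflate_for_redirect(xml_text):
    """HTTP-Redirect binding: raw DEFLATE (RFC 1951), then base64; URL-encoding follows."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits=-15: no zlib header or checksum
    return base64.b64encode(c.compress(xml_text.encode()) + c.flush()).decode()

def inflate_from_redirect(encoded):
    return zlib.decompress(base64.b64decode(encoded), -15).decode()

def wrong_zlib_encoding(xml_text):
    """The mistake: zlib-wrapped output (RFC 1950 header + adler32), not raw DEFLATE."""
    return base64.b64encode(zlib.compress(xml_text.encode())).decode()

def is_raw_deflate(encoded):
    """True if a SAMLRequest/SAMLResponse value inflates as raw DEFLATE."""
    try:
        zlib.decompress(base64.b64decode(encoded), -15)
        return True
    except zlib.error:
        return False

# Constructed samples (not from the thread): a Response with the listed omissions,
# one with them fixed, and an AuthnRequest with no Issuer and a bare binding name.
BAD_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  ID="_r1" Version="2.0" IssueInstant="2007-02-27T21:17:00Z">
  <ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2007-02-27T21:17:00Z">
    <saml:Issuer>https://idp.example.com</saml:Issuer>
    <saml:Subject><saml:NameID>alice</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

GOOD_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  ID="_r2" Version="2.0" IssueInstant="2007-02-27T21:17:00Z" Destination="https://sp.example.com/acs">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a2" Version="2.0" IssueInstant="2007-02-27T21:17:00Z">
    <saml:Issuer>https://idp.example.com</saml:Issuer>
    <saml:Subject><saml:NameID>alice</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://sp.example.com/acs"
          NotOnOrAfter="2007-02-27T21:22:00Z"/></saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction><saml:Audience>sp.example.com</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

BAD_AUTHN_REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  ID="_q1" Version="2.0" IssueInstant="2007-02-27T21:17:00Z" ProtocolBinding="HTTP-POST"
  AssertionConsumerServiceURL="https://sp.example.com/acs"/>"""
```

Running `lint_response(BAD_RESPONSE)` reports the four Response-side omissions in the order Brian names them; `lint_response(GOOD_RESPONSE)` returns an empty list. `is_raw_deflate` is the test an SP can apply to an incoming redirect-bound message: a zlib-wrapped payload fails raw inflation and should be rejected rather than silently accepted by a lenient decoder.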


