OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: Subject-based Profiles for SAML V1.1 Assertions


By way of explanation, the primary goal of this profile is to provide
some guidance to deployments that support SAML V1.1 and V2.0
simultaneously.  In that case, there is some flexibility in SAML V1.1
that is not present in SAML V2.0 (and vice versa).  This profile
places constraints upon SAML V1.1 subjects and assertions so that they
have properties similar to SAML V2.0 subjects and assertions.  This
may help interoperability and speed the transition from SAML V1.1 to
SAML V2.0.

Tom

On Dec 18, 2007 10:42 AM, Tom Scavo <trscavo@gmail.com> wrote:
>
> I just uploaded a set of documents entitled "Subject-based Profiles
> for SAML V1.1 Assertions":
>
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/26571/sstc-saml1-profiles-assertion-subject-draft-01.odt
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/26572/sstc-saml1-profiles-assertion-subject-draft-01.pdf
> http://www.oasis-open.org/apps/org/workgroup/security/download.php/26573/sstc-saml1-profiles-assertion-subject.xsd
>
> There are two profiles:
>
> SAML V1.1 Subject Profile
> SAML V1.1 Subject-based Assertion Profile
>
> The latter (which relies on the former) places constraints upon SAML
> V1.1 subjects and assertions so that they have properties similar to
> SAML V2.0 subjects and assertions.
>
> Of course we want to encourage implementers and deployers to leverage
> SAML V2.0, but in those situations where that is not possible (for one
> reason or another), this profile provides an intermediate solution.
> We've implemented it here, for instance, using OpenSAML 1.1 as a base.
>
> Still to be addressed are the definition of strongly matches and the
> mapping of SAML V1.1 SubjectConfirmation to SAML V2.0
> SubjectConfirmation.  Input on these complex issues would be
> appreciated.
>
> Tom Scavo
> NCSA
>


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]