
security-services message



Subject: Re: [security-services] Groups - sstc-saml-holder-of-key-browser-sso-draft-03.odt


On Sat, Jul 5, 2008 at 12:42 PM, Scott Cantor <cantor.2@osu.edu> wrote:
> Tom Scavo wrote:
>>
>> Scott, can you provide pointers to the profile (or profiles) you're
>> referring to?
>
> I have, many times.

No, you haven't, not on the lists I frequent (or I wouldn't have asked).

> http://www.projectliberty.org/liberty/content/download/3433/22925/file/liberty-idwsf-2.0-20070709.zip

This is all of ID-WSF, right?  I'm looking for a standalone profile to
retrieve a h-o-k assertion from a SAML IdP.  Does such a profile
exist?

> The SAML Token Service profile and SOAP binding specs do exactly what you
> want for SOAP applications.

Well, I don't see a SAML Token Service profile in that mountain of
files.  Moreover, I didn't ask for a SOAP binding ;-) so if that's all
you have, I'm still looking.

> An HTTP binding spec for HTTP applications would
> be a simple matter, but I believe an HTTP-based token service is unnecessary
> and counter-productive because HTTP isn't an adequate framework for client
> authentication anyway.

Given that 1) the vast majority of IdPs authenticate users via
username/password (in my experience, at least), and 2) there appears
to be at least a mild backlash against SOAP in the marketplace, I
would say that an HTTP-based token service is not only viable, but
necessary at this point.

> The "overhead" of using ID-WSF in a conforming manner to perform
> AuthnRequests with certificate or password-based security amounts to
> probably 2 meaningless SOAP headers.

Are you referring to WS-Addressing?  I haven't examined this aspect of
ID-WSF in detail, but I wonder if the use of WS-A here interferes with
the use of WS-A in applications based on WS-ResourceFramework (which
is the totality of grid applications)?

Tom

