[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Groups - sstc-saml-holder-of-key-browser-sso-draft-03.odt
On Sat, Jul 5, 2008 at 12:42 PM, Scott Cantor <cantor.2@osu.edu> wrote: > Tom Scavo wrote: >> >> Scott, can you provide pointers to the profile (or profiles) you're >> referring to? > > I have, many times. No, you haven't, not on the lists I frequent (or I wouldn't have asked). > http://www.projectliberty.org/liberty/content/download/3433/22925/file/liberty-idwsf-2.0-20070709.zip This is all of ID-WSF, right? I'm looking for a standalone profile to retrieve a h-o-k assertion from a SAML IdP. Does such a profile exist? > The SAML Token Service profile and SOAP binding specs do exactly what you > want for SOAP applications. Well, I don't see a SAML Token Service profile in that mountain of files. Moreover, I didn't ask for a SOAP binding ;-) so if that's all you have, I'm still looking. > An HTTP binding spec for HTTP applications would > be a simple matter, but I believe an HTTP-based token service is unnecessary > and counter-productive because HTTP isn't an adequate framework for client > authentication anyway. Given that 1) the vast majority of IdPs authenticate users via username/password (in my experience, at least), and 2) there appears to be at least a mild backlash against SOAP in the marketplace, I would say that an HTTP-based token service is not only viable, but necessary at this point. > The "overhead" of using ID-WSF in a conforming manner to perform > AuthnRequests with certificate or password-based security amounts to > probably 2 meaningless SOAP headers. Are you referring to WS-Addressing? I haven't examined this aspect of ID-WSF in detail, but I wonder if the use of WS-A here interferes with the use of WS-A in applications based on WS-ResourceFramework (which is the totality of grid applications)? Tom
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]