[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [ws-sx] Issue 31: Token properties
> As for what elements/attributes may be required in a SAML > token request, the SAML AuthnRequest is a good place to > start. The STS may need to know, for example, what name id > policy to use when generating a SAML token. I actually argue that in fact SAML assertions are merely rich wrappers around the actual security technology, which is expressed in SubjectConfirmation. If you want to capture the "token type", WS-SP would do better to at least identify the confirmation method, not "SAMLv2". Existing practice around the use of SAML as web service mechanisms suggests that that approach has some merit. That alone is still worthless for meaningful use cases, just a little less worthless. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]