Subject: Re: [wss-comment] 2 comments on WSS 1.0 spec now balloting at OASIS


Michael,

As Kelvin noted, the WSS SAML token profile is available in the
WSS document repository. Try

http://www.oasis-open.org/apps/org/workgroup/wss/download.php/5177/WSS-SAML-09.pdf

Also, Liberty's SAML SOAP binding builds on top of the WSS SAML token 
profile. See

http://www.projectliberty.org/specs/liberty-idwsf-security-mechanisms-v1.0.pdf

Thanks,

Ron

Michael.Mccormick@wellsfargo.com wrote:

>Comment #1
>Document: Web Services Security: SOAP Message Security (WS-Security)
>Comment: Although general guidance is provided regarding XML security
>tokens, WSS 1.0 does not include a security assertion markup language (SAML)
>assertion/token profile.  This is a serious omission given the critical role
>of SAML in so many federated identity solutions now being deployed.  The
>omission has forced a number of commercial web services security products to
>create their own SAML-SOAP bindings (or use the one promoted by the Liberty
>Alliance) in order to meet customer demand.
>Recommendation: Include a SAML 1.1 profile in the next WSS version as early
>as possible.
>
>Comment #2
>Document: Web Services Security: Username Token Profile
>Comment: The UserName Token element (/wsse:UsernameToken) does not provide
>any means of qualifying the user name to indicate its type or domain.
>Optional sub-elements should be defined for type (with several types
>pre-defined including e-mail address and Microsoft SAM account name) and
>domain (DNS or NT/AD).  Without such qualifiers a <Username> value can often
>be ambiguous or non-unique.  For an example of XML type and domain
>qualifiers, refer to the Username schema in the security assertion markup
>language (SAML).
>Recommendation: Add optional qualifiers to UsernameToken in the next WSS
>version.
>
>Michael McCormick
>System Architect
>Wells Fargo Services Company
>255 Second Ave. South
>MAC N9301-027
>Minneapolis MN 55479
>
>*  612-667-9227 (voice)
>*  612-590-1437 (cell)
>*  612-621-1318 (pager)
>*  612-667-7642 (fax)
>*  mailto://michael.mccormick@wellsfargo.com
>*  m.mccormick@acm.org
>
>"THESE OPINIONS ARE STRICTLY MY OWN AND NOT NECESSARILY THOSE OF WELLS
>FARGO"