Subject: Re: [wss-comment] 2 comments on WSS 1.0 spec now balloting at OASIS
Michael,

As Kelvin noted the WSS SAML token profile is available in the WSS document repository. Try
http://www.oasis-open.org/apps/org/workgroup/wss/download.php/5177/WSS-SAML-09.pdf

Also, Liberty's SAML SOAP binding builds on top of the WSS SAML token profile. See
http://www.projectliberty.org/specs/liberty-idwsf-security-mechanisms-v1.0.pdf

Thanks,
Ron

Michael.Mccormick@wellsfargo.com wrote:

>Comment #1
>Document: Web Services Security: SOAP Message Security (WS-Security)
>Comment: Although general guidance is provided regarding XML security
>tokens, WSS 1.0 does not include a security assertion markup language (SAML)
>assertion/token profile. This is a serious omission given the critical role
>of SAML in so many federated identity solutions now being deployed. The
>omission has forced a number of commercial web services security products to
>create their own SAML-SOAP bindings (or use the one promoted by the Liberty
>Alliance) in order to meet customer demand.
>Recommendation: Include a SAML 1.1 profile in the next WSS version as early
>as possible.
>
>Comment #2
>Document: Web Services Security: Username Token Profile
>Comment: The UserName Token element (/wsse:UsernameToken) does not provide
>any means of qualifying the user name to indicate its type or domain.
>Optional sub-elements should be defined for type (with several types
>pre-defined including e-mail address and Microsoft SAM account name) and
>domain (DNS or NT/AD). Without such qualifiers a <Username> value can often
>be ambiguous or non-unique. For an example of XML type and domain
>qualifiers, refer to the Username schema in the security assertion markup
>language (SAML).
>Recommendation: Add optional qualifiers to UsernameToken in the next WSS
>version.
>
>Michael McCormick
>System Architect
>Wells Fargo Services Company
>255 Second Ave. South
>MAC N9301-027
>Minneapolis MN 55479
>
>* 612-667-9227 (voice)
>* 612-590-1437 (cell)
>* 612-621-1318 (pager)
>* 612-667-7642 (fax)
>* mailto://michael.mccormick@wellsfargo.com
>* m.mccormick@acm.org
>
>"THESE OPINIONS ARE STRICTLY MY OWN AND NOT NECESSARILY THOSE OF WELLS
>FARGO"
>
>To unsubscribe from this list, send a post to wss-comment-unsubscribe@lists.oasis-open.org, or visit http://www.oasis-open.org/mlmanage/.
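The ambiguity raised in Comment #2, as an added example that is not part of the original thread or of any OASIS document: a receiver keying principals on a bare `wsse:Username` cannot tell two senders' `jsmith` apart, while a SAML 1.1 `NameIdentifier` carries `Format` and `NameQualifier` to key on. The sender labels, domains, helper names and the trimmed SAML fragment are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.0/1.1 assertion namespace
NS = {"wsse": WSSE, "saml": SAML}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed, trimmed headers; the builders are only fed the constants below.
# (A real saml:Assertion also carries version, ID, issuer and a signature.)
def _username(name):
    return (f'<wsse:Security xmlns:wsse="{WSSE}"><wsse:UsernameToken>'
            f'<wsse:Username>{name}</wsse:Username>'
            f'</wsse:UsernameToken></wsse:Security>')

def _saml(name, qualifier):
    return (f'<wsse:Security xmlns:wsse="{WSSE}"><saml:Assertion xmlns:saml="{SAML}">'
            f'<saml:AuthenticationStatement><saml:Subject>'
            f'<saml:NameIdentifier Format="{UNSPECIFIED}" NameQualifier="{qualifier}">'
            f'{name}</saml:NameIdentifier></saml:Subject>'
            f'</saml:AuthenticationStatement></saml:Assertion></wsse:Security>')

# Two different people who are both "jsmith" in their own domain.
BARE = {"sender-a": _username("jsmith"), "sender-b": _username("jsmith")}
QUALIFIED = {"sender-a": _saml("jsmith", "corp.example.com"),
             "sender-b": _saml("jsmith", "partner.example.org")}

def principal_key(security_xml):
    """Return (format, qualifier, name) for the identity token in a wsse:Security header."""
    root = ET.fromstring(security_xml)  # sample input only; harden the parser for untrusted XML
    user = root.find("wsse:UsernameToken/wsse:Username", NS)
    if user is not None:
        # WSS 1.0 UsernameToken: the bare name is all there is to key on.
        return (None, None, (user.text or "").strip())
    nid = root.find(".//saml:NameIdentifier", NS)
    if nid is None:
        raise ValueError("no UsernameToken or SAML NameIdentifier in header")
    return (nid.get("Format"), nid.get("NameQualifier"), (nid.text or "").strip())

def collisions(headers):
    """Map each principal key claimed by more than one sender to those senders."""
    seen = defaultdict(list)
    for sender, xml in headers.items():
        seen[principal_key(xml)].append(sender)
    return {key: who for key, who in seen.items() if len(who) > 1}

if __name__ == "__main__":
    print("bare usernames:", collisions(BARE))
    print("qualified names:", collisions(QUALIFIED))
```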