
Subject: Re: [wss] Groups - WSS-SAML-11.pdf uploaded


Dims,

The sender-vouches example in 3.4.2.3 is perhaps a little more than it 
seems.

The example uses only SAML assertions, and thus there is
a holder-of-key assertion (referenced by STR 2) from keyInfo that is
being used to carry the key of the vouching sender. The sender-vouches
confirmed assertion is referenced from SignedInfo (by id = "#STR1") and
is being signed by the key in the holder-of-key assertion.

The example could have used a keyIdentifier reference to an X509 cert from
KeyInfo, but as I noted above, I was trying to show an all SAML example.

If you think the example is not very helpful, I would be willing to discuss
changing it.

Ron

Srinivas, Davanum M wrote:

>Ron,
>
>Here's some feedback from my team 
>--------------------- Feedback from Werner -------------------------
>IMO there is a wrong example in the profile spec:
>chapter 3.4.2.3 contains a SAML Assertion which does not specify
>sender-vouches (holder-of-key instead). Seems to be a "copy-paste
>error". Thus also the following references, KeyInfo etc. may be out of
>sync.
>--------------------- Feedback from Werner ------------------------- 
>
>Thanks,
>dims
>
>-----Original Message-----
>From: ronald.monzillo@sun.com [mailto:ronald.monzillo@sun.com] 
>Sent: Friday, May 21, 2004 6:43 PM
>To: wss@lists.oasis-open.org
>Subject: [wss] Groups - WSS-SAML-11.pdf uploaded
>
>The document WSS-SAML-11.pdf has been submitted by ronald monzillo
>(ronald.monzillo@sun.com) to the OASIS Web Services Security TC document
>repository.
>
>Document Description:
>1. Moved "http://...documents.php" URL from "Location" to "Document
>Repository (temporary):" which will be removed when document is
>available from "Location".
>
>2. In section "1.1.1 Non-Goals", added new bullet to indicate that
>describing support for V1.0 assertions is outside the scope of the
>profile.
>
>3. Changed SAMLAssertion-1.0 wsse:Reference/@ValueType to
>SAMLAssertion-1.1 in examples (lines 366, 611, and 752).
>
>4. Updated document, specification, and schema URLs to accommodate
>change to OASIS document URLs (i.e. www.docs.oasis-open.org changed to
>docs.oasis-open.org).
>
>5. Removed SAMLAssertion-1.0 wsse:Reference/@ValueType from "Table-2
>ValueType Attribute Values." Also removed footnote on Table title.
>
>6. Editorial correction made to the attributes of the NameIdentifier
>element in the examples (see lines 564 and 684).
>
>7. In section 3.4, "Subject Confirmation of SAML Assertions" (line 485),
>changed the reference to be to [SAMLCore] for the definition of the
>validation and processing rules that apply to SAML assertions. Also (as
>the resolution to issue 275), extended the stated reliance (on
>[SAMLCore]) with "including the validation of assertion signatures, and
>the processing of  elements within Assertions".
>
>Download Document:  
>http://www.oasis-open.org/apps/org/workgroup/wss/download.php/6877/WSS-SAML-11.pdf
>
>View Document Details:
>http://www.oasis-open.org/apps/org/workgroup/wss/document.php?document_id=6877
>
>
>PLEASE NOTE:  If the above links do not work for you, your email
>application may be breaking the link into two pieces.  You may be able
>to copy and paste the entire link address into the address field of your
>web browser.
>
>
>
>To unsubscribe from this mailing list (and be removed from the roster of
>the OASIS TC), go to
>http://www.oasis-open.org/apps/org/workgroup/wss/members/leave_workgroup.php.
>
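
The reference structure Ron describes in his reply (a sender-vouches assertion signed via "#STR1" from SignedInfo, and a holder-of-key assertion carrying the signing key via STR 2 in KeyInfo), as an added example that is not part of the original message or of the profile specification. The header below is constructed and heavily simplified: the assertion IDs, the bare KeyIdentifier form of the references (no ValueType) and the function name confirmation_roles are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
NS = {"wsse": WSSE, "wsu": WSU, "ds": "http://www.w3.org/2000/09/xmldsig#",
      "saml": "urn:oasis:names:tc:SAML:1.0:assertion"}
CM = "urn:oasis:names:tc:SAML:1.0:cm:"  # SAML 1.x confirmation-method URI prefix

def _assertion(aid, method):
    return (f'<saml:Assertion AssertionID="{aid}"><saml:AuthenticationStatement><saml:Subject>'
            f'<saml:SubjectConfirmation><saml:ConfirmationMethod>{CM}{method}'
            '</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject>'
            '</saml:AuthenticationStatement></saml:Assertion>')

def _str(str_id, aid):
    return (f'<wsse:SecurityTokenReference wsu:Id="{str_id}"><wsse:KeyIdentifier>{aid}'
            '</wsse:KeyIdentifier></wsse:SecurityTokenReference>')

# Constructed sample header: no digests, signature value or key material.
HEADER = ('<wsse:Security ' + ' '.join(f'xmlns:{p}="{u}"' for p, u in NS.items()) + '>'
          + _assertion("hok-assertion", "holder-of-key")
          + _assertion("sv-assertion", "sender-vouches")
          + _str("STR1", "sv-assertion")
          + '<ds:Signature><ds:SignedInfo><ds:Reference URI="#STR1"/></ds:SignedInfo>'
          + '<ds:KeyInfo>' + _str("STR2", "hok-assertion") + '</ds:KeyInfo></ds:Signature>'
          + '</wsse:Security>')

def confirmation_roles(header_xml):
    """Map each role in the signature ('signed', 'key') to the confirmation methods found."""
    root = ET.fromstring(header_xml)
    methods = {a.get("AssertionID"): [m.text.strip().rsplit(":", 1)[-1]
                                      for m in a.iterfind(".//saml:ConfirmationMethod", NS)]
               for a in root.iterfind(".//saml:Assertion", NS)}
    strs = {s.get(f"{{{WSU}}}Id"): s.findtext("wsse:KeyIdentifier", namespaces=NS).strip()
            for s in root.iterfind(".//wsse:SecurityTokenReference", NS)}
    def resolve(str_id):
        if strs.get(str_id) not in methods:
            raise ValueError(f"{str_id!r} does not resolve to an assertion in the header")
        return methods[strs[str_id]]
    roles = {"signed": [], "key": []}
    for ref in root.iterfind(".//ds:SignedInfo/ds:Reference", NS):
        str_id = ref.get("URI", "").lstrip("#")
        if str_id in strs:  # only signature references that point at an STR
            roles["signed"] += resolve(str_id)
    for s in root.iterfind(".//ds:KeyInfo/wsse:SecurityTokenReference", NS):
        roles["key"] += resolve(s.get(f"{{{WSU}}}Id"))
    return roles

if __name__ == "__main__":
    print(confirmation_roles(HEADER))
```

Run on the constructed header, the holder-of-key assertion appears only in the key role and the sender-vouches assertion only in the signed role, which is why a holder-of-key assertion is present in a sender-vouches example.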


