[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [bdxr] Using SAML with ebMS 3.0
|
Hi Pim
As we talked about yesterday: START uses SAML for the "holder-of-key" type of assertion. In this scenario an identity provider or similar authenticates the sending party and issues the SAML assertion. From your description yesterday it sounds to me like
this is very close to what the Australian government wants to do. An overview can be found in the attached document on page 15, "Including a SAML assertion in the Security header" and subsection "Types of SAML assertions" on the same page, and more details
on page 16, "Additional Processing Rules for holder-of-key Assertions", chapter 5 "SAML 2.0 assertion profile" pages 20 to 22, and the example on page 25 and 26.
I will be very interested in hearing how the Australian government progresses and what you come up with for ebMS 3.0. It certainly is most interesting for PEPPOL.
Best regards,
Kenneth
From: Pim van der Eijk <pvde@sonnenglanz.net>
Date: Thursday, May 9, 2013 3:34 AM To: "bdxr@lists.oasis-open.org" <bdxr@lists.oasis-open.org> Subject: [bdxr] Using SAML with ebMS 3.0 Hello,
FYI, the Australian government (which mandates ebMS 3.0 for some very large scale data exchanges) will define a profile of the WS-Security SAML profile for use with ebMS 3.0. Like other countries,
they have an established SAML based system for B2G communication that this profile would allow them to reuse. In BDX/BDXR there were earlier proposals to use SAML. I need to spend
more time to understand this proposal, but it seems to have some strong advantages.
It would be useful to to
see if BDXR could leverage this work.
Pim
|
Attachment:
ICT-Transport-START_Service_Specification-101.pdf
Description: ICT-Transport-START_Service_Specification-101.pdf
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]