[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] some changes in requirements draft 3
We had this issue in WS-Security, we did not want to have to have the extra
baggage of SAML just to do a assertion (when the requestor or recipient did
not support SAML), so we defined a basic element that allowed one to assert
a name and then we allowed for additional profiles that could use SAML,
Kerberos, X509, XrML, etc to provide an assertion
<wsse:UsernameToken wsu:Id="...">
<wsse:Username>...</wsse:Username>
</wsse:UsernameToken>
There are quite a few assertions that exist today in legacy systems, such
as Kerberos, one should also be able to use these, especially since
symmetric keys can be used for signing.
Anthony Nadalin | work 512.436.9568 | cell 512.289.4122
|---------+---------------------------->
| | Trevor Perrin |
| | <trevp@trevp.net>|
| | |
| | 04/10/2003 12:33 |
| | AM |
|---------+---------------------------->
>------------------------------------------------------------------------------------------------------------------------------------------------|
| |
| To: Anthony Nadalin/Austin/IBM@IBMUS, dss@lists.oasis-open.org |
| cc: |
| Subject: RE: [dss] some changes in requirements draft 3 |
>------------------------------------------------------------------------------------------------------------------------------------------------|
At 10:44 PM 4/9/2003 -0500, Anthony Nadalin wrote:
>Why is this limited to SAML as SAML is not the only assertions we have to
>deal with, this needs to be generalized
Hi Anthony,
I don't understand your question. What other assertions are you talking
about? What exactly needs to be generalized?
Trevor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]