OASIS Mailing List Archives

dss message



Subject: RE: [dss] some changes in requirements draft 3






>I think SAML is different than these other assertion types, in that it can
>"represent" them.  Ie, SAML can say "the user authenticated with Kerberos,
>X509, etc.".  Since our interest is in communicating the facts of an
>authentication between a DSS signing service and a relying party, it would
>be good to reduce things to a single format (like SAML) that can represent
>different authentication types, so the relying party only has to understand
>this single format instead of knowing how to speak Kerberos if the
>requestor authenticated to the signing service with Kerberos, and so on.

I'm not convinced that SAML is the only assertion that should be used as
specific tokens can do that just fine without going through the overhead of
converting to SAML.

>On lines 164-169, they talk about a reference to a remote assertion that
>specifies not just the URI of the Assertion, but also which SAML protocol
>binding to use to retrieve it, and which key to search on for it.  I guess
>we'll need to do the same, for referencing remote assertions.

Why isn't the WSS-SAML Profile just used?

Anthony Nadalin | work 512.436.9568 | cell 512.289.4122



