imi message

Subject: Re: [imi] SAML 2 profile questions

From: Scott Cantor <cantor.2@osu.edu>
To: John Bradley <jbradley@mac.com>
Date: Thu, 15 Oct 2009 00:01:11 -0400

John Bradley wrote:
> I agree with Scott.   If you want some sort of unsigned token it should 
> be a different token type.

Or at least a different profile that I can take my name off of.

> I think different signature methods should be supported rather than 
> limiting it to RSA sigs, but I believe that is allowed now.

The specification is silent about it except where it discusses things like 
HoK, which is separate from this.

> Scott,  If as a issuer I wanted to use pre shared symmetric keys would 
> that be supported by this profile?

Anything supported by SAML is supported by the profile, and SAML supports 
anything defined for XML Signature, which includes HMAC signatures. Of 
course, those aren't mandatory to implement at the moment, and lots of 
implementations wouldn't handle them.

-- Scott

Follow-Ups:
- Re: [imi] SAML 2 profile questions
  - From: John Bradley <jbradley@mac.com>

References:
- SAML 2 profile questions
  - From: Mike Jones <Michael.Jones@microsoft.com>
- Re: [imi] SAML 2 profile questions
  - From: David Chadwick <d.w.chadwick@kent.ac.uk>
- Re: [imi] SAML 2 profile questions
  - From: David Chadwick <d.w.chadwick@kent.ac.uk>
- Re: [imi] SAML 2 profile questions
  - From: John Bradley <jbradley@mac.com>