OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [saml-dev] Introduction & Question about the "heaviness" of SAML

> You mention that I should try and create a new SAML profile to do the 
> type of thing that we want to do with Tickets. That is, merely specify
> "key" that the SAML consumer uses to access information in the user's 
> account with their SAML producer. The SAML profile could also contain 
> information to help with using this key, such as the IP address of the

> user. Is this correct?

It's probably fair to say that (from the little you've described) it
might be a new profile. What the profile would look like and which
features of the SAML spec you'd want to use is a little hard to say
without more information, but you might want to look at the work being
done in the WS-Security profile wrt attaching SAML assertions to SOAP
messages. It might (or might not) be relevant.

The profile would describe what gets passed to whom, what the security
attacks are, and what the countermeasures are (address checks, time
limits, audience/recipient checking, digitial signatures, SSL, etc.)

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC