
saml-dev message



Subject: RE: [saml-dev] source ID


Global uniqueness might not be required, but it is a good thing, so I don’t recommend using just your “company’s URL” (e.g. http://www.rsasecurity.com). If your company will have more than one asserting party initiating BAP exchanges, you will need unique SourceIDs, one for each AP. We tend to recommend that the SourceID be created from a SHA-1 hash of the SOAP Binding Service URL at each AP (e.g. https://ap123.rsasecurity.com/SoapBindingService/sbs.jsp) rather than your “company’s URL”. This way, if I stand up a new AP at my company, I can ensure that the SourceIDs will be unique so that partner sites can send their requests back to the correct AP at my company. If a specific relying party will need to receive BAP exchanges from multiple APs at my site, they’ve got to be unique.

 

Rob Philpott
Senior Consulting Engineer 
RSA Security Inc.
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020
mailto:rphilpott@rsasecurity.com


From: Steve Anderson [mailto:sanderson@opennetwork.com]
Sent: Thursday, June 24, 2004 1:21 PM
To: Sengul Vurgun; saml-dev@lists.oasis-open.org
Subject: RE: [saml-dev] source ID

 

Global uniqueness isn't necessarily required.  At a minimum, the ID that a company uses to identify itself to a partner must be unique at that partner.

 

A recommended technique (described in the SAML Bindings and Profiles document) for generating IDs is to generate a SHA-1 hash of the company's URL.  The URL is unique for that company, and the resultant hash is as well.

--
Steve Anderson
OpenNetwork

-----Original Message-----
From: Sengul Vurgun [mailto:svurgun@yahoo.com]
Sent: Thursday, June 24, 2004 1:03 PM
To: saml-dev@lists.oasis-open.org
Subject: [saml-dev] source ID

Hi all,

 

How does one go about getting a company source ID? Do you just generate a random 20 char long string and send it to your customer? Or is this something that needs to adhere to certain encoding rules? Is there a place where companies register their source IDs? I am assuming that these IDs must be globally unique.

 

Thanks.


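The SourceID scheme discussed in this thread, as an added example that is not part of the original messages: a relying party routes an incoming artifact by its SourceID, so two APs that both hash the company URL cannot be told apart. It assumes the SAML 1.x type 0x0001 artifact layout (2-byte type code, 20-byte SourceID, 20-byte AssertionHandle); the function names and example.com URLs are constructed for illustration.

```python
import base64
import hashlib
import os

TYPE_CODE = b"\x00\x01"  # SAML 1.x type 0x0001 artifact (assumed layout, see lead-in)

def source_id(url):
    """20-byte SourceID: SHA-1 over the URL string agreed with the partner."""
    return hashlib.sha1(url.encode("utf-8")).digest()

def make_artifact(sid, handle=None):
    """AP side: base64(TypeCode || SourceID || AssertionHandle)."""
    handle = os.urandom(20) if handle is None else handle
    if len(sid) != 20 or len(handle) != 20:
        raise ValueError("SourceID and AssertionHandle must be 20 bytes each")
    return base64.b64encode(TYPE_CODE + sid + handle).decode("ascii")

def register(table, sid, responder_url):
    """RP side: map a partner SourceID to that AP's SOAP responder URL.
    Refuses a SourceID that is already bound to a different AP."""
    if table.get(sid, responder_url) != responder_url:
        raise ValueError("SourceID %s already bound to %s" % (sid.hex(), table[sid]))
    table[sid] = responder_url

def resolve(table, artifact_b64):
    """RP side: parse an artifact and return the AP URL to query for the assertion."""
    raw = base64.b64decode(artifact_b64, validate=True)
    if len(raw) != 42 or raw[:2] != TYPE_CODE:
        raise ValueError("not a type 0x0001 artifact")
    sid = raw[2:22]
    if sid not in table:
        raise KeyError("unknown SourceID " + sid.hex())
    return table[sid]

if __name__ == "__main__":
    # Constructed sample endpoints for two APs run by the same company.
    ap1 = "https://ap1.example.com/SoapBindingService/sbs.jsp"
    ap2 = "https://ap2.example.com/SoapBindingService/sbs.jsp"
    partners = {}
    for url in (ap1, ap2):          # per-AP hash: both register cleanly
        register(partners, source_id(url), url)
    print(resolve(partners, make_artifact(source_id(ap2))))
    shared = {}
    company = source_id("http://www.example.com")
    register(shared, company, ap1)
    try:                            # company-URL hash: second AP collides
        register(shared, company, ap2)
    except ValueError as exc:
        print("rejected:", exc)
```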


