
saml-dev message



Subject: RE: [saml-dev] SAML, trust and WS.


 

> a) SPA to do SSO with IDPA and so get an Assertion(SSO).
> b) ResourceA actually now needs to invoke WebServiceA but he
> now needs a WS assertion. So he will then need a new Assertion?

Usually yes, although it is possible that the same assertion 
could be consumable at multiple destinations using different
subject confirmations (you can have more than one).

> The problem here is how can I bundle this together?
> If I don't bootstrap from SSO how can I get the WebService
> Assertion (SAML Token)?

Well, either you bootstrap from SSO or you require that the
user authenticate to you directly -- otherwise how do you know
who the user is?

In Liberty ID-WSF this is solved by defining an attribute
added to the SSO assertion which contains an EPR for the
user's discovery service.  The SP can then access the DS
and retrieve the necessary information to invoke the
web service to get at resource data.

Conor
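
Added example, not part of the original message: one assertion carrying two subject confirmations, and the check each destination would run to decide which confirmation (if any) is addressed to it. It assumes SAML 2.0 syntax; the hostnames, entity IDs, key name and timestamps are constructed, and signature validation is left out.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: one subject, two confirmations, two audiences.
ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="_constructed1" Version="2.0" IssueInstant="2030-01-01T00:00:00Z">
  <saml:Issuer>https://idpa.example/idp</saml:Issuer>
  <saml:Subject>
    <saml:NameID>user-1234</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://spa.example/acs"
          NotOnOrAfter="2030-01-01T00:05:00Z"/>
    </saml:SubjectConfirmation>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
      <saml:SubjectConfirmationData Recipient="https://wsa.example/service"
          NotOnOrAfter="2030-01-01T00:05:00Z">
        <ds:KeyInfo><ds:KeyName>spa-signing-key</ds:KeyName></ds:KeyInfo>
      </saml:SubjectConfirmationData>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://spa.example/sp</saml:Audience>
      <saml:Audience>https://wsa.example/ws</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def accepted_methods(xml_text, entity_id, endpoint, now):
    """Return the confirmation methods this relying party may accept."""
    root = ET.fromstring(xml_text)
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if entity_id not in audiences:
        return []  # assertion was not issued for this relying party
    methods = []
    for sc in root.iterfind("saml:Subject/saml:SubjectConfirmation", NS):
        data = sc.find("saml:SubjectConfirmationData", NS)
        if data is None or data.get("Recipient") != endpoint:
            continue  # confirmation is addressed to another destination
        expiry = data.get("NotOnOrAfter")
        if expiry is None:
            continue  # this sketch requires an explicit expiry
        if now < datetime.fromisoformat(expiry.replace("Z", "+00:00")):
            methods.append(sc.get("Method").rsplit(":", 1)[-1])
    return methods
```

A real relying party would verify the issuer's signature over the assertion before trusting any of these fields, and for holder-of-key would also require proof of possession of the key named in the confirmation.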


