OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [saml-dev] SAML, trust and WS.

this seems to be something quite important,
so do you think SAML will ever try to address those issues,
or would it let the two main trends (WS-* and liberty) to deal with this


-----Original Message-----
From: Cahill, Conor P [mailto:conor.p.cahill@intel.com] 
Sent: 08 December 2005 16:26
To: Sarno, Giuseppe [MOP:GM15:EXCH]; will@javafreelancer.net;
Subject: RE: [saml-dev] SAML, trust and WS.


> > could be consumable at multiple destinations using different subject

> > confirmations (you can have more than one).
> So what you are saying is we could have the Bearer
> ConfirmationMethod for the local SP and a HolderofKey for the 
> remote WebService.
> Are you referring to the Recipient (or address) option (of
> SubjecConfirmationData) where we can specify the network for example.
> (Core page 19)

Both mechanisms are possible but note that you will probably need some
out-of-band understanding of what to do with the token at the SP since
the SP has to "know" what to do with the token when it submits it to the
web service (e.g. the SP could look at the token and just see that it
has a bearer confirmation and try to use that when it should use the HoK
and I don't think there's a way to say in SAML that the SP should use
one vs the other confirmation method when using the token).

Liberty handles this by having a separate data element outside 
of the assertion that instructs the SP on what security mechanism should
be used when invoking the WS.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]