OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [saml-dev] SAML, trust and WS.

> ...how other people have used this or
> intend to use and which are the market trends...

the organization that i am currently working with are implementing 
a scenario similar to what you described. essentially, a browser 
client starts off (after portal authentication) with a 
custom/app-specific security token which gets exchanged for a saml 
1.1 sso token. that sso token then eventually gets exchanged for a 
ws-security saml token. there is a "back channel" between a 
business web service proxy and our saml-based security service. 
this approach wasn't my call, i hasten to add. i just work there 

they call their implementation "saml-based" but it is not strictly 
saml-conformant. now that i have been exposed to their 
non-conformant approach, i am fanatically interested in 
understanding the conformant way to implement a saml solution 
because i do not want my understanding of the specs shaped solely 
by "the wrong way to do it" (if you know what i mean).

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]