Re: [saml-dev] SAML, trust and WS.

[Tom Scavo <trscavo@gmail.com>]

On 12/20/05, Alistair Young <alistair@smo.uhi.ac.uk> wrote:
>
> http://www.weblogs.uhi.ac.uk/sm00ay/?p=164
>
> Is the document (at the foot of the page) any use to you? It's at a very
> early stage so not sure which way it will go. We initially looked at the
> contrained delegation profile but there are a few questions, outlined in the
> document.
>
> If you can point out any glaring errors in our approach, it would be most
> helpful!

It's difficult to identify "errors" since the document doesn't get
into much detail.  A couple of observations, however:

- On page 2, it sounds as though the VLE binds its own key to the
message but of course it is the IdP that should bind the key, not the
VLE.  (See [Cantor 2005].)

- In the following paragraph on page 2, it talks about trust between
the VLE and the VFS when in fact it is the trust relationship between
the VFS and the IdP that is important.  I don't believe the VFS need
trust the VLE at all.  The latter is simply a transporter of signed
assertions.

- You mention "SAML Subject" a number of times, but I'll believe it
when I see it (as the old saw goes :).

- The basic thrust of the whitepaper seems to be attribute pull vs.
push.  If you're going to advocate pull, you're going to have to deal
with the name identifier issue.

- Some of your arguments against push are good, others are not so
good.  The claim of "unnecessary overhead" is not really an issue, I
don't think.  The user would need to activate push (by clicking on a
link in the VLE, for instance).  Anything else would be suspect.

- Basic comment is...details, details, details, or rather the lack of
details.  There's too much hand waving.

- Are you thinking SAML 2.0 or SAML 1.1?  If SAML 2.0, what's the
matter with [Cantor 2005].  If SAML 1.1, can you produce an example?

Cheers,
Tom