OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [saml-dev] How to provide SAML assertions in RESTful services


> In defining a RESTful AP to a healthcare service, that really needs a SAML
> identity assertion to enable access controls on the service-provider
> (RESTful service provider). When using SOAP, this is easily done with WS-
> Security, but I am struggling with how to specify how a SAML assertion
would
> be carried to the relying-party on the RESTful request. The browser-sso-
> profile doesn't work well for non-browser transactions. Is there a
> recommendation on how to do this?

Mine is ECP. It works quite naturally. It isn't formally specified for use
with a holder of key assertion, but it composes fine with that approach, in
addition to bearer use.

It also works with SOAP services, certainly much more effectively than
WS-Security.
 
-- Scott




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]