[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] How to provide SAML assertions in RESTful services
> In defining a RESTful AP to a healthcare service, that really needs a SAML > identity assertion to enable access controls on the service-provider > (RESTful service provider). When using SOAP, this is easily done with WS- > Security, but I am struggling with how to specify how a SAML assertion would > be carried to the relying-party on the RESTful request. The browser-sso- > profile doesn't work well for non-browser transactions. Is there a > recommendation on how to do this? Mine is ECP. It works quite naturally. It isn't formally specified for use with a holder of key assertion, but it composes fine with that approach, in addition to bearer use. It also works with SOAP services, certainly much more effectively than WS-Security. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]