OASIS Mailing List Archives

saml-dev message



Subject: RE: [saml-dev] Antwort: RE: [saml-dev] Overlap SAML 2.0 and WS-Trust


> You can interpret the artifact as a security token also which can be
> validated (validate binding) and transformed.

I think that conflates issues and confuses the function of an artifact,
which is not an assertion reference, but a SAML message reference.

> The reverse is only true if the security token is SAML. WS-Trust is
> designed to handle not only SAML but also other kinds of security tokens.

SAML handles all token types by bridging to them via subject confirmation.
It simply puts the details WS-Trust copies into its protocol layer into the
assertion. It's a different approach, not different functionality for the
most part. (Of course there are lots of WS-* specs at higher levels that
address things SAML doesn't.)
 
> IMHO, WS-Trust is the cleaner and token agnostic approach for some SAML
> bindings than the current SAML specification and I'd appreciate to see a
> discussion around that - if not already started.

I think Chad laid out my feelings about WS-Trust fairly well. I think
standardizing the token is a better design than trying to model everything
at the protocol layer, and as a practical matter, I haven't seen demand or
uptake in my community for WS-Trust, so my feelings don't really enter into
it that much.

-- Scott



