RE: RSA SAML Interop info

["Philpott, Robert" <rphilpott@rsasecurity.com>]

Title: RSA SAML Interop info

Good catch – Here are the specific requirements for what it contains:

·         The bearer <SubjectConfirmation> element described above MUST contain a <SubjectConfirmationData> element that contains a Recipient attribute containing the service provider's assertion consumer service URL and a NotOnOrAfter attribute that limits the window during which the assertion can be delivered. It MAY contain an Address attribute limiting the client address from which the assertion can be delivered. It MUST NOT contain a NotBefore attribute. If the containing message is in response to an <AuthnRequest>, then the InResponseTo attribute MUST match the request's ID.

I recommend that we NOT try to include the “Address” attributes.

 

Rob Philpott
Senior Consulting Engineer 
RSA Security Inc.
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020
mailto:rphilpott@rsasecurity.com

---

From: Thomas Wisniewski [mailto:Thomas.Wisniewski@entrust.com]
Sent: Thursday, January 27, 2005 9:37 PM
To: Ciochon, Robert; samldemotech
Subject: RE: RSA SAML Interop info

 

Bob, one correction on the doc. Section 5.1, item 3b. The SAML spec requires that the SubjConfData element be there. So s/MUST NOT/MUST or remove this item completely.

 

Tom.

-----Original Message-----
From: Ciochon, Robert [mailto:Robert.Ciochon@ca.com]
Sent: Thursday, January 27, 2005 8:31 PM
To: samldemotech
Subject: RSA SAML Interop info

Hi,
Attached is an updated version of the guidelines with the changes we have discussed via the conference calls and emails, an etc/hosts file and a spreadsheet with the base information for each vendor.  Please notify me if anything is not correct.

Regards,
Bob
<<Vendor_info.xls>> <<RSA2005-saml-interop.doc>> <<hosts>>

Robert Ciochon
eTrust Development Manager
Computer Associates
San Diego, California
(858) 625-6866
robert.ciochon@ca.com