Subject: Re: [security-services] WSDL Description of SAML SOAP protocol binding
Irving,

It is nice to see that SAML is embracing Web Services. The logical question is: Why don't you use it as well given the enormous advantages you would get?

Using the current SAML (non WS-bindings): If the target URL is wrong or the target server does not respond, the *user* is left with the misery and without the source site [the user's administrator] knowing it. That makes SAML only suitable for closed scenarios.

Note: Shib does AFAIK not have this problem, only plain-vanilla SAML based on bindings-06.

In OBI Express (tm), which will be the world's first plug-and-play e-commerce standard, we augmented SAML (some sort of) with "WebServices" and got a much, much better system with respect to robustness, user-friendliness, and administration. Due to the extension mechanisms in SAML I think we will still be able to call ourselves SAML-compliant!

Anders Rundgren

Trademarks: OBI is a trademark of CommerceNet

----- Original Message -----
From: "Irving Reid" <Irving.Reid@baltimore.com>
To: <security-services@lists.oasis-open.org>
Sent: Wednesday, November 14, 2001 07:13
Subject: [security-services] WSDL Description of SAML SOAP protocol binding

Here is the WSDL specification I presented at F2F5. As I said, I haven't actually run this through a WSDL consumer that supports all the features I'm trying to use, so it may need some tweaking.

- irving -

<?xml version="1.0"?>
<definitions name="SAMLProtocol"
    targetNamespace="http://www.oasis-open.org/committees/security/docs/WSDLdefinitions.wsdl"
    xmlns:tns="http://www.oasis-open.org/committees/security/docs/WSDLdefinitions.wsdl"
    xmlns:samlp="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-protocol-19.xsd"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns="http://schemas.xmlsoap.org/wsdl/">

  <import
      namespace="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-protocol-19.xsd"
      location="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-protocol-19.xsd" />

  <!-- The body of the request is exactly a samlp:Request -->
  <message name="SAMLRequestMessage">
    <part name="body" element="samlp:Request"/>
  </message>

  <!-- The body of the corresponding response is exactly a samlp:Response -->
  <message name="SAMLResponseMessage">
    <part name="body" element="samlp:Response"/>
  </message>

  <!-- And the request-response protocol goes like this -->
  <portType name="SAMLRequestPortType">
    <operation name="SAMLRequest">
      <input message="tns:SAMLRequestMessage"/>
      <output message="tns:SAMLResponseMessage"/>
    </operation>
  </portType>

  <!-- This describes how the request-response maps onto SOAP -->
  <binding name="SAMLRequestSoapBinding" type="tns:SAMLRequestPortType">
    <soap:binding style="document"
        transport="http://schemas.xmlsoap.org/soap/http"/>
    <operation name="SAMLRequest">
      <soap:operation
          soapAction="http://www.oasis-open.org/committees/security/SAMLRequest"/>
      <input>
        <soap:body use="literal"
            namespace="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-protocol-19.xsd"
            encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/>
      </input>
      <output>
        <soap:body use="literal"
            namespace="http://www.oasis-open.org/committees/security/docs/draft-sstc-schema-protocol-19.xsd"
            encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/>
      </output>
    </operation>
  </binding>

  <!-- And this says that the SOAP service is available at a particular URL -->
  <service name="SAMLRequestService">
    <documentation>This is the only per-installation data</documentation>
    <port name="SAMLRequestPort" binding="tns:SAMLRequestSoapBinding">
      <soap:address location="http://my.org/SAMLServer"/>
    </port>
  </service>
</definitions>
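
Added example, not part of the original messages or of the committee's material: a short Python check that resolves the WSDL above from service to port, binding, portType and message, so a reviewer can see which endpoint, SOAPAction and body elements a consumer would use, and flags an endpoint that is not https. The function names and the reduced sample document are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"w": "http://schemas.xmlsoap.org/wsdl/", "s": "http://schemas.xmlsoap.org/wsdl/soap/"}
# Constructed sample: the WSDL from the message, cut down to the elements resolved below.
SAMPLE_WSDL = """<definitions name="SAMLProtocol" xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
  <message name="SAMLRequestMessage"><part name="body" element="samlp:Request"/></message>
  <message name="SAMLResponseMessage"><part name="body" element="samlp:Response"/></message>
  <portType name="SAMLRequestPortType"><operation name="SAMLRequest">
    <input message="tns:SAMLRequestMessage"/><output message="tns:SAMLResponseMessage"/>
  </operation></portType>
  <binding name="SAMLRequestSoapBinding" type="tns:SAMLRequestPortType">
    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
    <operation name="SAMLRequest"><soap:operation
      soapAction="http://www.oasis-open.org/committees/security/SAMLRequest"/></operation>
  </binding>
  <service name="SAMLRequestService"><port name="SAMLRequestPort"
    binding="tns:SAMLRequestSoapBinding"><soap:address location="http://my.org/SAMLServer"/>
  </port></service>
</definitions>"""

def local(qname):
    # Assumption: one target namespace, so the prefix of a QName reference can be dropped.
    return qname.split(":")[-1]

def resolve_ports(wsdl_text):
    """Follow service -> port -> binding -> portType -> message for each SOAP port."""
    root = ET.fromstring(wsdl_text)
    index = lambda tag: {e.get("name"): e for e in root.findall(f"w:{tag}", NS)}
    bindings, port_types, messages = index("binding"), index("portType"), index("message")
    def element_of(abstract_op, direction):
        msg = messages[local(abstract_op.find(f"w:{direction}", NS).get("message"))]
        return msg.find("w:part", NS).get("element")
    ports = []
    for port in root.findall("w:service/w:port", NS):
        endpoint = port.find("s:address", NS).get("location")
        binding = bindings[local(port.get("binding"))]
        port_type = port_types[local(binding.get("type"))]
        abstract_ops = {o.get("name"): o for o in port_type.findall("w:operation", NS)}
        for op in binding.findall("w:operation", NS):
            abstract = abstract_ops[op.get("name")]
            # An http:// endpoint gives the SAML exchange no transport-level protection.
            findings = [] if urlparse(endpoint).scheme == "https" else ["endpoint is not https"]
            ports.append({"operation": op.get("name"), "endpoint": endpoint,
                          "soap_action": op.find("s:operation", NS).get("soapAction"),
                          "request": element_of(abstract, "input"),
                          "response": element_of(abstract, "output"), "findings": findings})
    return ports
```
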