security-services message



Subject: SAML Browser Profiles Metadata


Colleagues -
As promised, I have published draft 02 of SAML BrowserProfiles Metadata. This draft heavily borrows from Liberty 1.2 metadata spec, draft 1.0-06. The documents are in Kavi and available for review. Please see http://www.oasis-open.org/apps/org/workgroup/security/download.php/1734/draft-sstc-saml-meta-data-02.pdf (an MS Word version is also available). I have also uploaded the schema document that appears in section 3 of this document as an xsd file (see http://www.oasis-open.org/apps/org/workgroup/security/download.php/1736/draft-sstc-schema-meta-data-02.xsd.xml).
 
Below I attempt to answer some questions that may come up:
 
Where is Source ID for Artifact source?
Per Liberty specifications, the source ID is a SHA-1 hash of the provider ID, which is a required attribute of the source.
 
Where is the designation for Issuer?
The issuer of a SAML assertion MUST have the same value of the provider ID.
 
Why would a destination (Service Provider) that supports both browser profiles have to provide two descriptors?
This is required to avoid designating a new element "ArtifactReceiverURL". I.e., we have overloaded AssertionConsumerURL for both browser profiles.
 
Where is the designation for NameIdentifierFormat?
It is not explicitly designated. It can be specified in the catch-all "Extension" element.
 
What happened to the various trust models?
In the interest of time I have not specified trust models. Given the practical experience with two interops, it appears that exchanging SSL certificates (both client and server) is the de facto trust model.
 
 
Thanks,
Jahan

----------------
Jahan Moreh
Chief Security Architect
310.286.3070
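
The following is an added example, not part of the original message or the draft. It shows how a relying party could map an incoming artifact back to a provider listed in its metadata by comparing the artifact's SourceID with the SHA-1 hash of each known provider ID. It assumes the SAML 1.x type 0x0001 artifact layout (2-byte type code, 20-byte SourceID, 20-byte AssertionHandle, base64-encoded) and UTF-8 encoding of the provider ID; the provider IDs and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

TYPE_CODE = b"\x00\x01"      # type 0x0001 artifact (assumed layout)
ARTIFACT_LEN = 2 + 20 + 20   # TypeCode + SourceID + AssertionHandle


def source_id(provider_id):
    """SourceID as described in the message: SHA-1 of the provider ID.
    UTF-8 encoding of the provider ID is an assumption."""
    return hashlib.sha1(provider_id.encode("utf-8")).digest()


def resolve_artifact(artifact_b64, known_providers):
    """Return (provider_id, assertion_handle) for an artifact whose SourceID
    matches a provider from metadata; raise ValueError otherwise."""
    try:
        raw = base64.b64decode(artifact_b64, validate=True)
    except (ValueError, TypeError) as exc:
        raise ValueError("artifact is not valid base64") from exc
    if len(raw) != ARTIFACT_LEN:
        raise ValueError("unexpected artifact length")
    if raw[:2] != TYPE_CODE:
        raise ValueError("unsupported artifact type code")
    sid, handle = raw[2:22], raw[22:]
    for pid in known_providers:
        # Constant-time comparison of the 20-byte digests.
        if hmac.compare_digest(sid, source_id(pid)):
            return pid, handle
    raise ValueError("SourceID does not match any provider in metadata")


# Constructed sample data: hypothetical provider IDs, not taken from the draft.
PROVIDERS = ["https://idp.example.org/saml", "https://idp2.example.net/saml"]


def make_artifact(provider_id, handle):
    """Build a sample type 0x0001 artifact for the demonstration."""
    raw = TYPE_CODE + source_id(provider_id) + handle
    return base64.b64encode(raw).decode("ascii")


if __name__ == "__main__":
    art = make_artifact(PROVIDERS[1], bytes(range(20)))
    print(resolve_artifact(art, PROVIDERS)[0])
```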

 

