RE: [security-services] Groups-draft-sstc-solution-profile-soap-02.pdfuploaded

[Scott Cantor <cantor.2@osu.edu>]

>Perhaps there isn't a need for every single authentication mechanism to
have
>its own profile, but we need to make sure we can support these mechanisms
>when used with SAML. We are proposing a profile of how WSS can be used with
>SAML. 

Let me clarify my point a little...I'm asking what is special about securing
the SAML request/response protocol with WSS as opposed to any other
SOAP-bound req/resp protocol. I don't see anything specific to SAML
involved.

Secondarily, the SOAP client "profile" as we're calling it now, is a
different beast. It's a specific use case in which the SAML protocol is
bound to SOAP because all the parties speak it. I see no clear reason why
WSS has to be part of that "profile" discussion in the sense that it's
orthogonal. Not that it's not applicable or relevant, simply a different
layer.

-- Scott