
security-services message



Subject: [Fwd: [wss] Including SAML AssertionID in the core as a direct ID reference mechanism.]




-------- Original Message --------
Subject: 	[wss] Including SAML AssertionID in the core as a direct ID 
reference mechanism.
Date: 	Mon, 18 Oct 2004 17:03:11 -0700
From: 	Vijay Gajjala <vijayg@microsoft.com>
To: 	wss@lists.oasis-open.org



While reviewing various token profiles, we observed that referencing 
SAML tokens in message signatures seems awkward. 

 

SOAP Message security defines three mechanisms for ID references:

    * Local ID attributes on XML Signature elements
    * Local ID attributes on XML Encryption elements
    * Global wsu:Id attributes on elements

 

Earlier, the TC had concluded that SAML tokens using AssertionID 
violated the rules from the core specification and therefore limited 
references to using KeyIdentifiers. The recommendation is hence to use 
an STR with an STR transform or KeyIdentifier to reference SAML tokens 
from within SignedInfo. We would like to propose adding SAML AssertionID 
to the list of valid identifiers in section 4 of the core specification 
so that SAML AssertionId can be directly referenced.

 

Vijay

 



