Subject: Re: [security-services] Minutes of 19-July SSTC con-call
> **Using SAML Artifacts in the WSS SAML Token Profile**
> <http://lists.oasis-open.org/archives/security-services/200507/msg00011.html>
>
> Deferred until Conor provides his use-case
>
> .. Need to hear Conor's use-case to better understand why standard reference mechanisms are not sufficient
> .. Artifact is typically used only with the HTTP binding. Looking to hear if there is a SOAP context
> .. No construct in SAML 2.0 for artifacts.

My use case is as follows...

In Liberty, we have a Discovery Service (DS) which returns an assertion to a Web Service Consumer (WSC) that can be used by the WSC to invoke a web service provider (WSP). In some cases this assertion includes a subject confirmation of "...:bearer" (which essentially means that as long as the message "bears" the token, it's ok). This is all doable using the current draft of the STP.

So, what I am asking about here is the DS issuing an artifact rather than an assertion to the WSC, who then includes the artifact when invoking the WSP. The WSP then dereferences the token to obtain the assertion.

The benefits here are that the assertion does not need to go through the WSC and the assertion may not need to be signed, as the WSP is getting the assertion directly from the IdP/DS.

The limitation is that this only works in the case where one was otherwise going to use a bearer token between the WSC and the WSP.

Conor
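The artifact flow described in the message above, sketched as an added example that is not part of the original post or of any Liberty or OASIS code. The artifact bytes follow the SAML 2.0 type 0x0004 layout; the class and function names, the dict standing in for an assertion, the 60-second lifetime, and the binding of each artifact to one WSP identity (taken as already authenticated by the back channel) are assumptions made for illustration.

```python
import base64, hashlib, secrets, struct, time

TYPE_CODE = 0x0004  # SAML 2.0 artifact: TypeCode | EndpointIndex | SourceID | MessageHandle

class DiscoveryService:
    """Issuer side (hypothetical model): hands out artifacts, resolves each one once."""
    def __init__(self, entity_id, ttl=60):
        self.source_id = hashlib.sha1(entity_id.encode()).digest()  # 20-byte SourceID
        self.ttl = ttl        # assumed lifetime in seconds
        self._pending = {}    # message handle -> (assertion, intended WSP, expiry)

    def issue_artifact(self, assertion, wsp_id, now=None):
        """Return an opaque reference for the WSC; the assertion itself stays at the DS."""
        now = time.time() if now is None else now
        handle = secrets.token_bytes(20)  # unguessable MessageHandle
        self._pending[handle] = (assertion, wsp_id, now + self.ttl)
        raw = struct.pack(">HH", TYPE_CODE, 0) + self.source_id + handle
        return base64.b64encode(raw).decode()

    def resolve(self, artifact, caller_id, now=None):
        """Back-channel dereference; caller_id is assumed authenticated (e.g. mutual TLS)."""
        now = time.time() if now is None else now
        raw = base64.b64decode(artifact, validate=True)
        if len(raw) != 44 or struct.unpack(">H", raw[:2])[0] != TYPE_CODE:
            raise ValueError("malformed artifact")
        if not secrets.compare_digest(raw[4:24], self.source_id):
            raise ValueError("artifact was not issued by this DS")
        # Pop before any further check: one presentation consumes the artifact,
        # so a replayed or leaked copy resolves to nothing.
        entry = self._pending.pop(raw[24:], None)
        if entry is None:
            raise LookupError("unknown or already-used artifact")
        assertion, wsp_id, expiry = entry
        if now > expiry or caller_id != wsp_id:
            raise PermissionError("expired artifact or unexpected requester")
        return assertion

def wsp_handle_request(ds, wsp_id, artifact):
    """WSP side: the WSC supplied only the artifact; fetch the assertion from the DS."""
    assertion = ds.resolve(artifact, caller_id=wsp_id)
    return assertion["subject"]  # unsigned here: it arrived directly from the issuer
```

Because the artifact is a bearer reference, the single-use pop, the short lifetime and the requester check are what limit the damage if the WSC-to-WSP message is observed.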