OASIS Mailing List Archives

security-services message


Subject: AI 0229: Suggest support for passing SAML URI Reference to WSS

I had taken an action to verify that the WSS STP 1.1 draft supported 
SAML URI references, and, if not, what changes were needed.

Section 3.4 of WSS 1.1 STP (366-371) states:

A reference to a SAML V2.0 assertion that is NOT contained in the same
message MUST be a Direct or URI reference. In this case, the value of
the URI attribute must conform to the URI syntax defined in section of
[SAMLBindV2]. That is, an HTTP or HTTPS request with a single query
string parameter named ID. The reference MUST also contain a
wsse11:TokenType attribute and the value of this attribute MUST be the
value from Table 3 identifying the assertion as a SAML V2.0 security
token. When a Direct reference is made to a SAML V2.0 Assertion, the
Direct reference SHOULD NOT contain a ValueType attribute.

This is pretty much what was sought in the discussion: ability to 
transfer a reference in the form of:

<wsse:SecurityTokenReference wsu:Id="abc" 
URI="http://www.samlservice.org/getAssertion?ID=12haytd" />
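
Added example, not part of the original message or of the WSS specification: a receiver-side check of the rules quoted from Section 3.4, run before any attempt to dereference the URI. The function name and sample documents are constructed; the namespace URIs and the SAML V2.0 TokenType value are taken from the published WSS 1.1 and SAML Token Profile 1.1 specifications and are assumptions here, and the check accepts the URI either on a wsse:Reference child or on the SecurityTokenReference itself as written above.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qsl

# Namespace URIs and SAML V2.0 token type taken from the published WSS 1.1 /
# SAML Token Profile 1.1 specifications (assumed; not quoted in the message).
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
SAML20_TOKEN = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"

def check_saml_uri_reference(xml_text):
    """Return the list of rule violations; an empty list means it conforms."""
    str_el = ET.fromstring(xml_text)
    if str_el.tag != f"{{{WSSE}}}SecurityTokenReference":
        return ["root element is not wsse:SecurityTokenReference"]
    # URI may sit on a wsse:Reference child or, as in the message, on the STR.
    ref = str_el.find(f"{{{WSSE}}}Reference")
    carrier = ref if ref is not None else str_el
    uri = carrier.get("URI")
    if uri is None:
        return ["no URI attribute to check"]
    problems = []
    parts = urlsplit(uri)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        problems.append("URI is not an absolute HTTP or HTTPS URL")
    params = parse_qsl(parts.query, keep_blank_values=True)
    if [name for name, _ in params] != ["ID"]:
        problems.append("query string is not a single parameter named ID")
    if str_el.get(f"{{{WSSE11}}}TokenType") != SAML20_TOKEN:
        problems.append("wsse11:TokenType missing or not the SAML V2.0 value")
    if carrier.get("ValueType") is not None:
        problems.append("ValueType present on the reference (SHOULD NOT)")
    return problems

# Constructed samples; the URL is the one from the message.
NS = f'xmlns:wsse="{WSSE}" xmlns:wsse11="{WSSE11}"'
GOOD = (f'<wsse:SecurityTokenReference {NS} wsse11:TokenType="{SAML20_TOKEN}">'
        '<wsse:Reference URI="http://www.samlservice.org/getAssertion?ID=12haytd"/>'
        '</wsse:SecurityTokenReference>')
BAD = (f'<wsse:SecurityTokenReference {NS}>'
       '<wsse:Reference ValueType="urn:example:constructed"'
       ' URI="http://www.samlservice.org/getAssertion?ID=12haytd&amp;next=x"/>'
       '</wsse:SecurityTokenReference>')

if __name__ == "__main__":
    for label, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_saml_uri_reference(doc) or "conforms")
```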
