security-services message



Subject: SAML usage in current IETF Internet Drafts


This is just an FYI of present state wrt IETF employment of SAML. The (cursory) 
analysis is both on my blog and attached...

A Passel of IETF Internet-Drafts Reference SAML
http://identitymeme.org/archives/2006/10/11/a-passel-of-ietf-internet-drafts-reference-saml/


JeffH


file:saml-internet-drafts-analyzed-2006-10-04-1500h.txt 
editor: Jeff Hodges

-------
SUMMARY
-------

This is based on a grep of current IETF Internet-Drafts for the term "SAML" as
of 2006-10-04-1500h. As of 2006-10-09, the list of "hits" hadn't changed. 

Here is a brief characterization of the sort of SASL usage in the I-Ds:


SUBSTANTIVE SAML employment:             8
Some SAML Incorporation:                10
SAML referenced "in passing":           10


the drafts:

draft-alfano-aaa-qosprot-05.txt
draft-elwell-sip-tispan-connected-identity-01.txt
draft-fries-msec-mikey-applicability-00.txt
draft-fries-sipping-identity-enterprise-scenario-02.txt
draft-froment-sipping-spit-authz-policies-01.txt
draft-greco-sipping-roaming-00.txt
draft-guenther-geopriv-saml-policy-01.txt
draft-gurbani-sip-tls-use-00.txt
draft-gutmann-keycont-00.txt
draft-hartman-webauth-00.txt
draft-hodges-saml-lsso-00.txt
draft-housley-tls-authz-extns-07.txt
draft-ietf-msec-mikey-applicability-02.txt
draft-ietf-opsec-efforts-04.txt
draft-ietf-sip-saml-00.txt
draft-jennings-sip-charter-01.txt
draft-jennings-sipping-pay-04.txt
draft-klensin-rfc2821bis-00.txt
draft-lendl-domain-policy-ddds-02.txt
draft-merrells-dix-02.txt
draft-merrells-dix-assertion-00.txt
draft-niccolini-sipping-feedback-spit-02.txt
draft-rocky-sipping-override-barring-00.txt
draft-santesson-tls-supp-02.txt
draft-sasaki-sipping-tispan-adhoc-summary-00.txt
draft-schubert-sipping-saml-cpc-02.txt
draft-schwartz-sipping-spit-saml-01.txt
draft-shirey-secgloss-v2-07.txt
draft-tschofenig-dime-diameter-qos-00.txt
draft-tschofenig-enroll-bootstrapping-saml-02.txt
draft-tschofenig-nsis-gist-security-01.txt
draft-tschofenig-radext-qos-03.txt
draft-winterbottom-geopriv-held-sighting-00.txt
draft-winterbottom-http-location-delivery-03.txt



Details:

------------------------------------------
SUBSTANTIVE SAML employment

e.g. use/employment of SAML is the focus of
the spec

count: 8
------------------------------------------


draft-hodges-saml-lsso-00.txt:12:
               SAMLv2 Lightweight Web Browser SSO Profile
                                    .
                                    .
                                    .

                                    
                                    
draft-merrells-dix-02.txt
draft-merrells-dix-assertion-00.txt
                   .
                   .
                   .

[don't know if these dix specs will go anywhere]




draft-guenther-geopriv-saml-policy-01.txt:9:
                     SAML in Authorization Policies
   express conditions with respect to SAML assertions, thereby
Internet-Draft       SAML in Authorization Policies            July 2005
   4.   SAML Condition Example . . . . . . . . . . . . . . . . . . .   6
   5.   SAML Condition Schema  . . . . . . . . . . . . . . . . . . .   9
                                                        .



draft-ietf-sip-saml-00.txt:15:
                      SIP SAML Profile and Binding
                                 .
                                 .
                                 .



draft-schubert-sipping-saml-cpc-02.txt:14:
                      Conveying CPC using the SAML
                                     .
                                     .
                                     .


draft-schwartz-sipping-spit-saml-01.txt:15:
                    Assertion Markup Language (SAML)
Internet-Draft         SPIT Prevention using SAML              June 2006
   the Security Assertion Markup Language (SAML) to warrant certain
     4.3.  Using SAML to Embed Security Attributes  . . . . . . . . .  8
                            .
                            .
                            .

draft-tschofenig-enroll-bootstrapping-saml-02.txt:77:
   5.  Obtaining a SAML Artifact/Assertion  . . . . . . . . . . . . . 13
     5.1.  SAML Artifact transport in EAP methods . . . . . . . . . . 13
     5.2.  SAML Artifact transport in PANA  . . . . . . . . . . . . . 13
   the Security Assertion Markup Language (SAML).  For details about
   SAML see [1], [2], [3] and [22].  Please note that it would be
   Authorization Certificates are more limited than SAML mainly because
   an authorization transport mechanism like SAML.
   aims to describe how the SAML could be used to provide the user
   however, in this draft the usage of SAML has been taken into account,
   Two scenarios are meant to illustrate the functionality of SAML for
   This scenario exploits the inclusion of SAML for SIP which has been
        |       INVITE + SAML Artifact                 |
                           .
                           .



------------------------------------------
Some SAML Incorporation:

e.g. SAML employed as an alternative "token"
format, and described/spec'd in a subsection
or three -- SAML employment/profiling is not
the focus of the spec. 

NOTE: the ref'd specs could be substantive

count: 10
------------------------------------------



draft-fries-msec-mikey-applicability-00.txt:81:
     4.2.  SAML assisted DH-key agreement . . . . . . . . . . . . . .  9
   o  SAML assisted Diffie-Hellman key agreement as defined [Reference
      to draft-moskowitz-MIKEY-SAML-DH]
4.2.  SAML assisted DH-key agreement
   This document [Reference to draft-moskowitz-MIKEY-SAML-DH] is
   Diffie-Hellman key and the ID using the SAML (Security Association
   Markup Language, [SAML_overview]) approach.  Here the client's public
   Diffie-Hellman-credentials are signed by the server to form a SAML
   [SAML_overview]
              Language (SAML) 2.0 Technical Overview, Working Draft"",
              



draft-greco-sipping-roaming-00.txt:11:
                      SIP and SAML roaming profile
Internet-Draft        SIP and SAML roaming profile        September 2006
   (SAML) protocol and the Session Initiation Protocol (SIP).
   4.  Roaming SAML profile . . . . . . . . . . . . . . . . . . . . . 11
     4.2.  SAML roaming assertion . . . . . . . . . . . . . . . . . . 13




draft-hartman-webauth-00.txt:417:   
Assertion Markup Language (SAML) is used to carry assertions (claims)
   Security Assertion Markup Language (SAML) assertions.  Since the
   Kerberos server (KDC) is the SAML Authority.  This will be much
   4.  An authorization data element needs to be defined to carry SAML
   party.  SAML is proposed as a mechanism to do this.  In order to use
   SAML, a profile of SAML for this application needs to be created.
   An alternative that has been proposed is a SAML GSS-API mechanism
   unless the SAML is inside the Kerberos ticket, then the client is
   responsible for binding the SAML assertions to the Kerberos exchange
   
   
   
   
draft-housley-tls-authz-extns-07.txt:305:   
(SAML) [SAML1.1][SAML2.0].
   is a SAML Assertion; however, the SAML Assertion is fetched with the
   intended SAML Assertion is obtained.
            case saml_assertion:         SAMLAssertion;
      opaque SAMLAssertion<1..2^16-1>;
3.3.2. SAML Assertion
                                                        .



draft-ietf-msec-mikey-applicability-02.txt:79:     
3.6.  SAML assisted DH-key agreement . . . . . . . . . . . . . . 10
   o  SAML assisted Diffie-Hellman key agreement as defined [Reference
      to draft-moskowitz-MIKEY-SAML-DH] (MIKEY-DHSAML)
3.6.  SAML assisted DH-key agreement
   This document [Reference to draft-moskowitz-MIKEY-SAML-DH] is
   Diffie-Hellman key and the ID using the SAML (Security Association
   Markup Language, [SAML_overview]) approach.  Here the client's public
   Diffie-Hellman-credentials are signed by the server to form a SAML
   [SAML_overview]
              Language (SAML) 2.0 Technical Overview, Working Draft"",
              



draft-jennings-sipping-pay-04.txt:63:
   Assertion Markup Language (SAML).  It relies on a third party to act
     1.1.  SAML Payment Scenario using Assertions . . . . . . . . . .  4
     1.2.  SAML Payment Scenario using URI References . . . . . . . .  5
                                                        .



draft-lendl-domain-policy-ddds-02.txt:245:
   featured policy description language like SAML [13] or XACML [14].
   o  A record with policy-type "saml" shall contain an URL of a SAML
         (SAML) V2.0 Technical Overview", July 2005.



draft-rocky-sipping-override-barring-00.txt:48:
   each type of the functionalities. Some methods such as SAML, CPC,
   3.1.1 A solution based on SAML.....................................4
   Security Assertion Markup Language (SAML) [I-D.saml-tech-overview-
   being developed by SSTC of OASIS. SAML is a XML-based framework for
   SIP-SAML [I-D.draft-tschofenig-sip-saml-04] gives a method for using
   SAML in collaboration with SIP to accommodate richer authorization
   particular, it provides a way for SIP to refer to SAML objects, and
   for recipients of SIP messages to use SAML in order to make more
   based on SAML and another is on an extension header. More possible
3.1.1 A solution based on SAML
   SAML is a XML-based framework for creating and exchanging security
        |             | SAML artifact|              |             |
        |             |   INVITE + SAML artifact    |             |
        |             |              | SAML request |             |
        |             |              | SAML response + Assertion  |




draft-winterbottom-http-location-delivery-03.txt:94:
       5.5.2.  SAML "Assertion" or "EncryptedAssertion" Element . . . 22
   verified.  A SAML assertion MAY be provided in place of this element.
5.5.2.  SAML "Assertion" or "EncryptedAssertion" Element
   This element is taken from SAML 2.0 Core [OASIS.saml-core-2.0-os],
   "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress".
   sign-on profile of SAML, identified by
   "urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser".  This profile is
       xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
     <xs:import namespace="urn:oasis:names:tc:SAML:2.0:assertion"/>
              Markup Language (SAML) V2.0", OASIS Security Services TC
              Security Assertion Markup Language (SAML) V2.0", OASIS




draft-winterbottom-geopriv-held-sighting-00.txt:96:
       5.5.2.  SAML "Assertion" or "EncryptedAssertion" Element . . . 22
   verified.  A SAML assertion MAY be provided in place of this element.
5.5.2.  SAML "Assertion" or "EncryptedAssertion" Element
   This element is taken from SAML 2.0 Core [OASIS.saml-core-2.0-os],
   "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress".
   sign-on profile of SAML, identified by
   "urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser".  This profile is
       xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
     <xs:import namespace="urn:oasis:names:tc:SAML:2.0:assertion"/>
              Markup Language (SAML) V2.0", OASIS Security Services TC
              Security Assertion Markup Language (SAML) V2.0", OASIS





------------------------------------------
SAML referenced "in passing" 

NOTE: tho the SAML mentions are non-substantive
themselves, there's other specs sometimes ref'd
in the SAML context that may be substantive

count: 15
------------------------------------------


draft-alfano-aaa-qosprot-05.txt:2482:
              Tschofenig, H., "Using SAML for SIP",
     
          
              
draft-elwell-sip-tispan-connected-identity-01.txt:246:
   Option 4: Longer term it is possible that SAML could also be used to
   additional roundtrip) and option 4 (using SAML).  Option 3 adds a
 


draft-fries-sipping-identity-enterprise-scenario-02.txt:76:
     A.2.  Enhancements to SIP Identity using SIP SAML  . . . . . . .  9
              Tschofenig, H., "Using SAML for SIP",
A.2.  Enhancements to SIP Identity using SIP SAML
   A document supporting this approach is provided in SIP-SAML
   [I-D.tschofenig-sip-saml], which enables SAML assertions and



draft-froment-sipping-spit-authz-policies-01.txt:66:
   SAML assertions (as introduced with SIP-SAML) and by the SPIT-SAML
              Tschofenig, H., "SIP SAML Profile and Binding",
              (SAML)", draft-schwartz-sipping-spit-saml-00 (work in
              

draft-gurbani-sip-tls-use-00.txt:302:
   Certificates [4] or SAML be more appropriate here?



draft-gutmann-keycont-00.txt:413:
purpose security assertion language such as KeyNote [REF] or SAML [SAML].
[SAML] "Security Assertion Markup Language (SAML), Version 1.0", OASIS XML-



draft-ietf-opsec-efforts-04.txt:173:
     6.26. OASIS Security Services (SAML) TC  . . . . . . . . . . . . 28
6.26.  OASIS Security Services (SAML) TC
   Markup Language (SAML) as an OASIS standard.  SAML is an XML



draft-jennings-sip-charter-01.txt:242:
   4.  Guidelines for the use of descriptive techniques such as SAML
   Sep 2007 Using SAML for SIP to WGLC (PS)
   Dec 2007 Using SAML for SIP to IESG (PS)
   
   
   
draft-klensin-rfc2821bis-00.txt:2330:   
transactions in a session.  MAIL (or SEND, SOML, or SAML) MUST NOT be
   processing the obsolete SEND, SOML, or SAML commands) and use a null
   MAIL, SAML, etc., commands) or "forward" (RCPT) addresses in the SMTP
   commands (SEND, SAML, SOML) were rarely implemented, and changes in
   Clients SHOULD NOT provide SEND, SAML, or SOML as services.  Servers

   


draft-niccolini-sipping-feedback-spit-02.txt:691:
        Assertion Markup Language (SAML)",



draft-santesson-tls-supp-02.txt:69:
   another proposal transfers attribute certificates and SAML assertions



draft-sasaki-sipping-tispan-adhoc-summary-00.txt:191:
      address this issue with SAML assertions would be a more favorable
      the SAML based approach.



draft-tschofenig-dime-diameter-qos-00.txt:2538:
              Tschofenig, H., "Using SAML for SIP",



draft-tschofenig-nsis-gist-security-01.txt:1601:
   o  Integration with SAML/Liberty infrastructure [SAMLOverview].
   [SAMLOverview]
              Language (SAML) V2.0 Technical Overview", OASIS
              


draft-tschofenig-radext-qos-03.txt:1013:
      SAML as outlined in [18] and [19].  The structure of the token is
   [19]  Tschofenig, H., "SIP SAML Profile and Binding",





==============================================================================
end


