[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Groups - sstc-saml-holder-of-key-browser-sso-draft-03.odt
Tom Scavo wrote: > Scott, can you provide pointers to the profile (or profiles) you're > referring to? I have, many times. http://www.projectliberty.org/liberty/content/download/3433/22925/file/liberty-idwsf-2.0-20070709.zip The SAML Token Service profile and SOAP binding specs do exactly what you want for SOAP applications. An HTTP binding spec for HTTP applications would be a simple matter, but I believe an HTTP-based token service is unnecessary and counter-productive because HTTP isn't an adequate framework for client authentication anyway. The "overhead" of using ID-WSF in a conforming manner to perform AuthnRequests with certificate or password-based security amounts to probably 2 meaningless SOAP headers. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]