OASIS Mailing List Archives

security-services message


Subject: Re: [security-services] Groups - sstc-saml-holder-of-key-browser-sso-draft-03.odt


Tom Scavo wrote:
> Scott, can you provide pointers to the profile (or profiles) you're
> referring to?

I have, many times.

http://www.projectliberty.org/liberty/content/download/3433/22925/file/liberty-idwsf-2.0-20070709.zip

The SAML Token Service profile and SOAP binding specs do exactly what you 
want for SOAP applications. An HTTP binding spec for HTTP applications would 
be a simple matter, but I believe an HTTP-based token service is unnecessary 
and counter-productive because HTTP isn't an adequate framework for client 
authentication anyway.

The "overhead" of using ID-WSF in a conforming manner to perform 
AuthnRequests with certificate or password-based security amounts to 
probably 2 meaningless SOAP headers.

-- Scott

