Subject: Groups - sstc-saml-holder-of-key-browser-sso-draft-07.pdf (sstc-saml-holder-of-key-browser-sso-draft-07.pdf) uploaded
Introduces dependency upon the holder-of-key assertion profile for the processing of keying material. Language tightened and clarified variously elsewhere. The major missing piece, if it should be written, is a way to indicate which keying material is preferred by the service provider. This draft is not inclusive of such a piece, but it's not exclusive of it either.

-- Mr. Nathan Klingenstein

The document revision named sstc-saml-holder-of-key-browser-sso-draft-07.pdf (sstc-saml-holder-of-key-browser-sso-draft-07.pdf) has been submitted by Mr. Nathan Klingenstein to the OASIS Security Services (SAML) TC document repository. This document is revision #6 of sstc-saml-holder-of-key-browser-sso-draft-01.pdf.

Document Description:
This profile allows for transport and validation of holder-of-key assertions by standard HTTP user agents with no modification of client software and maximum compatibility with existing deployments. Most of the flows are as in standard Web Browser SSO, but an x.509 certificate presented by the user agent supplies a valid keypair through client TLS authentication for HTTP transactions. Cryptographic data resulting from TLS authentication is used for holder-of-key validation of a SAML assertion. This strengthens the assurance of the resulting authentication context and protects against credential theft, giving the service provider fresh authentication and attribute information without requiring it to perform successful validation of the certificate.

View Document Details:
http://www.oasis-open.org/apps/org/workgroup/security/document.php?document_id=29426

Download Document:
http://www.oasis-open.org/committees/download.php/29426/sstc-saml-holder-of-key-browser-sso-draft-07.pdf

Revision:
This document is revision #6 of sstc-saml-holder-of-key-browser-sso-draft-01.pdf. The document details page referenced above will show the complete revision history.

PLEASE NOTE: If the above links do not work for you, your email application may be breaking the link into two pieces. You may be able to copy and paste the entire link address into the address field of your web browser.

-OASIS Open Administration