OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Groups - sstc-saml-holder-of-key-browser-sso-draft-07.pdf (sstc-saml-holder-of-key-browser-sso-draft-07.pdf) uploaded

Introduces dependency upon the holder-of-key assertion profile for the
processing of keying material.  Language tightened and clarified variously
elsewhere.  The major missing piece, if it should be written, is a way to
indicate which keying material is preferred by the service provider.  This
draft is not inclusive of such a piece, but it's not exclusive of it
either.

 -- Mr. Nathan Klingenstein

The document revision named
sstc-saml-holder-of-key-browser-sso-draft-07.pdf
(sstc-saml-holder-of-key-browser-sso-draft-07.pdf) has been submitted by
Mr. Nathan Klingenstein to the OASIS Security Services (SAML) TC document
repository.  This document is revision #6 of
sstc-saml-holder-of-key-browser-sso-draft-01.pdf.

Document Description:
This profile allows for transport and validation of holder-of-key
assertions by standard HTTP user 
agents with no modification of client software and maximum compatibility
with existing 
deployments.  Most of the flows are as in standard Web Browser SSO, but an
x.509 certificate 
presented by the user agent supplies a valid keypair through client TLS
authentication for HTTP 
transactions. Cryptographic data resulting from TLS authentication is used
for holder-of-key 
validation of a SAML assertion.  This strengthens the assurance of the
resulting authentication 
context and protects against credential theft, giving the service provider
fresh authentication and 
attribute information without requiring it to perform successful validation
of the certificate.

View Document Details:
http://www.oasis-open.org/apps/org/workgroup/security/document.php?document_id=29426

Download Document:  
http://www.oasis-open.org/committees/download.php/29426/sstc-saml-holder-of-key-browser-sso-draft-07.pdf

Revision:
This document is revision #6 of
sstc-saml-holder-of-key-browser-sso-draft-01.pdf.  The document details
page referenced above will show the complete revision history.


PLEASE NOTE:  If the above links do not work for you, your email application
may be breaking the link into two pieces.  You may be able to copy and paste
the entire link address into the address field of your web browser.

-OASIS Open Administration

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]