OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Groups - Kerberos Web Browser SSO Profile (sstc-saml-kerberos-browser-sso-draft-02.odt) uploaded

I have a comment and a couple of questions.

Line 16 - Please change my affiliation to Oracle.

The schema file seems to be empty. Is there a schema for this Profile?

The spec (and the X.509 web sso profile as well) stress how using a cryptographic confirmation method is much more secure than the original browser profiles. However, What are the potential benefits of using this Profile as compared to not using SAML at all and simply using a Kerberos enabled Browser and Server? Here is my thinking so far, can anyone add to my list?

1. A SAML Attribute Statement can be carried in the Assertion, thus allowing attributes to be associated with the authenticated identity.

2. It appears that some primary authentication method other than Kerberos could be used and Kerberos could be used only for Subject Confirmation. It's hard to see why this would be useful unless the primary authentication was stronger than Kerberos. Does anyone have a specific scenario in mind around this, or is it just a technical possibility?

(I am going to repeat this question for the X.509 SSO Profile in a separate message.



> -----Original Message-----
> From: hardjono@mit.edu [mailto:hardjono@mit.edu]
> Sent: Monday, February 08, 2010 3:45 PM
> To: security-services@lists.oasis-open.org
> Subject: [security-services] Groups - Kerberos Web Browser SSO Profile
> (sstc-saml-kerberos-browser-sso-draft-02.odt) uploaded
> The document revision named Kerberos Web Browser SSO Profile
> (sstc-saml-kerberos-browser-sso-draft-02.odt) has been 
> submitted by Mr.
> Thomas Hardjono to the OASIS Security Services (SAML) TC document
> repository.  This document is revision #1 of
> sstc-saml-kerberos-browser-sso-draft-1.odt.
> Document Description:
> View Document Details:
> http://www.oasis-open.org/committees/document.php?document_id=36317
> Download Document:  
> http://www.oasis-open.org/committees/download.php/36317/sstc-s
> aml-kerberos-browser-sso-draft-02.odt
> Revision:
> This document is revision #1 of 
> sstc-saml-kerberos-browser-sso-draft-1.odt.
>  The document details page referenced above will show the 
> complete revision
> history.
> PLEASE NOTE:  If the above links do not work for you, your 
> email application
> may be breaking the link into two pieces.  You may be able to 
> copy and paste
> the entire link address into the address field of your web browser.
> -OASIS Open Administration

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]