OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Groups - SAML V2.0 Profile for Mandator Credentials (sstc-mandator credentials profile- v0.8.pdf) uploaded

My comments on the call were essentially that the "typical" way people carry user credentials of various kinds in SAML is to put them into SAML Attributes rather than as a distinct extension or a new statement type.

People have certainly used that to carry username/password information, but there's no standard way to do it. It usually doesn't matter because the data for that is treated as simple strings, but for more complex credentials, one would need to define more of a standard. The one example I can point to is the Kerberos attribute profile:


Regardless, you have to define specific syntax for how to carry credentials of specific types. You can't just leave it generic, or you won't have any interoperability. Attribute profiles are a means to address that, by defining specific attribute names and associated rules for values.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]