Subject: Using signed SAML tokens to authorize service access
I've been looking at using SAML tokens signed by the issuer to authorize access to a service. We're planning to use bearer confirmation, and keep the tokens secure by always using secure transport (without any message-level signing or encryption). I've got two questions in regard to this configuration:

1. Can the WS-SecurityPolicy for the services be structured to require the presence of a SAML token signed by a particular issuer (as identified by an X.509 certificate)?

2. Is there anything in the WS-Security specification or related specifications which requires services to verify the issuer signature of a SAML token used in this way?

Thanks,

- Dennis