OASIS Mailing List Archives

ws-sx-comment message



Subject: Using signed SAML tokens to authorize service access


I've been looking at using SAML tokens signed by the issuer to authorize 
access to a service. We're planning to use bearer confirmation, and keep 
the tokens secure by always using secure transport (without any 
message-level signing or encryption). I've got two questions in regard 
to this configuration:

1. Can the WS-SecurityPolicy for the services be structured to require 
the presence of a SAML token signed by a particular issuer (as 
identified by an X.509 certificate)?

2. Is there anything in the WS-Security specification or related 
specifications which require services to verify the issuer signature of 
a SAML token used in this way?

Thanks,

  - Dennis

