Subject: Re: [ws-sx] Issue 101: Need additional SamlToken Assertion Elements for Holder-of-Key and Sender-Vouches (and Bearer)
To address issue 101: http://docs.oasis-open.org/ws-sx/issues/Issues.xml#i101 plus the recommendations that have been put forth since the issue was first raised, in particular, the recommendation that the SAML ConfirmationMethod be inferrable from the ws-sp context, and that the bearer confirmation method also be included, I am proposing the text below to follow line 1417 of the version 9 ws-sp spec: http://www.oasis-open.org/committees/download.php/20152/ws-securitypolicy-1.2-spec-ed-01-r09-diff.pdf

Proposed text follows between indicators:

<start of proposed text>

Note: WSS:SAMLTokenProfile1.0 and WSS:SAMLTokenProfile1.1 describe 3 types of SAML Assertion ConfirmationMethods: holder-of-key, sender-vouches, and bearer. The following guidelines may be used to determine which kind of SAML ConfirmationMethod will meet the policy requirements:

If the SamlToken Assertion appears within a Security Binding assertion, then it should, in general, be assumed that a SAML holder-of-key assertion is required to satisfy the policy requirement.

If the SamlToken Assertion appears within a SignedSupportingTokens element, which is outside of any Security Binding assertion, then it may be assumed that a SAML sender-vouches assertion will satisfy the policy requirement.

If the SamlToken Assertion appears within a SupportingTokens element which is outside of any Security Binding assertion, then it may be assumed that a SAML bearer assertion will satisfy the policy requirement.

<end of proposed text>

In addition, a new revision of the Use Cases document will be issued later today containing examples, which incorporate the above usage guidelines.

Comments and suggestions are always welcome.

Thanks,
Rich Levinson
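The three guidelines in the proposed text, applied mechanically to a policy document. This is an added example, not part of the original message, the spec, or the Use Cases document. Assumptions: elements are matched by local name only, the Security Binding assertions are taken to be TransportBinding, SymmetricBinding and AsymmetricBinding, a SamlToken anywhere inside a binding is treated as holder-of-key, and the sample policy with its namespace URIs is constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted policy documents, parse with defusedxml instead

# Assumption: these three assertions are the "Security Binding" assertions.
BINDINGS = {"TransportBinding", "SymmetricBinding", "AsymmetricBinding"}
# Guideline mapping for supporting-token containers outside any binding.
SUPPORTING = {"SignedSupportingTokens": "sender-vouches", "SupportingTokens": "bearer"}

# Constructed sample policy; one SamlToken per location the guidelines discuss,
# plus one location (EndorsingSupportingTokens) they do not mention.
SAMPLE_POLICY = """
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <sp:AsymmetricBinding><wsp:Policy>
    <sp:InitiatorToken><wsp:Policy><sp:SamlToken/></wsp:Policy></sp:InitiatorToken>
  </wsp:Policy></sp:AsymmetricBinding>
  <sp:SignedSupportingTokens><wsp:Policy><sp:SamlToken/></wsp:Policy></sp:SignedSupportingTokens>
  <sp:SupportingTokens><wsp:Policy><sp:SamlToken/></wsp:Policy></sp:SupportingTokens>
  <sp:EndorsingSupportingTokens><wsp:Policy><sp:SamlToken/></wsp:Policy></sp:EndorsingSupportingTokens>
</wsp:Policy>
"""

def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]

def classify(ancestors):
    """Map the chain of enclosing element names to a ConfirmationMethod."""
    if any(a in BINDINGS for a in ancestors):
        return "holder-of-key"          # guideline 1: inside a Security Binding
    for a in reversed(ancestors):       # nearest enclosing container wins
        if a in SUPPORTING:
            return SUPPORTING[a]        # guidelines 2 and 3
    return None                         # the guidelines are silent here

def infer_confirmation_methods(policy_xml):
    """Return one inferred method (or None) per SamlToken, in document order."""
    found = []
    def walk(elem, ancestors):
        name = local_name(elem.tag)
        if name == "SamlToken":
            found.append(classify(ancestors))
        for child in elem:
            walk(child, ancestors + [name])
    walk(ET.fromstring(policy_xml), [])
    return found

if __name__ == "__main__":
    for method in infer_confirmation_methods(SAMPLE_POLICY):
        print(method or "not covered by the guidelines")
```

A None result marks a SamlToken whose ConfirmationMethod cannot be inferred from these guidelines and has to be settled some other way.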