ws-sx message
Subject: Re: [ws-sx] Issue 101: Need additional SamlToken Assertion Elements for Holder-of-Key and Sender-Vouches (and Bearer)
- From: Anthony Nadalin <drsecure@us.ibm.com>
- To: Rich Levinson <rich.levinson@oracle.com>
- Date: Wed, 27 Sep 2006 09:06:21 -0500
The issue here is that this proposal now adds implied processing semantics.
Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
Rich Levinson <rich.levinson@oracle.com>
09/12/2006 03:59 PM
To address issue 101:
http://docs.oasis-open.org/ws-sx/issues/Issues.xml#i101
plus the recommendations that have been put forth since the
issue was first raised, in particular, the recommendation that
the SAML ConfirmationMethod be inferrable from the
ws-sp context, and that the bearer confirmation method
also be included, I am proposing the text below to
follow line 1417 of the version 9 ws-sp spec:
http://www.oasis-open.org/committees/download.php/20152/ws-securitypolicy-1.2-spec-ed-01-r09-diff.pdf
Proposed text follows between indicators:
<start of proposed text>
Note: WSS:SAMLTokenProfile1.0 and WSS:SAMLTokenProfile1.1
describe 3 types of SAML Assertion ConfirmationMethods: holder-of-key,
sender-vouches, and bearer. The following guidelines may be used to
determine which kind of SAML ConfirmationMethod will meet the policy
requirements:
If the SamlToken Assertion appears within a Security Binding assertion,
then it should, in general, be assumed that a SAML holder-of-key assertion
is required to satisfy the policy requirement.
If the SamlToken Assertion appears within a SignedSupportingTokens element,
which is outside of any Security Binding assertion, then it may be assumed
that a SAML sender-vouches assertion will satisfy the policy requirement.
If the SamlToken Assertion appears within a SupportingTokens element which
is outside of any Security Binding assertion, then it may be assumed that a
SAML bearer assertion will satisfy the policy requirement.
<end of proposed text>
In addition, a new revision of the Use Cases document will be issued later today
containing examples, which incorporate the above usage guidelines.
Comments and suggestions are always welcome.
Thanks,
Rich Levinson
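
The placement guidelines in the proposed text quoted above, applied to a policy document; this is an added example, not part of either message or of the WS-SecurityPolicy specification. The sample policy is constructed, its namespace URIs are those of the published WS-SecurityPolicy 1.2 and WS-Policy specifications (an assumption, since the thread discusses an earlier draft), and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Security Binding assertions defined by WS-SecurityPolicy.
BINDINGS = {"TransportBinding", "SymmetricBinding", "AsymmetricBinding"}

# Constructed sample policy; elements are matched by local name only, so the
# namespace URIs (assumed here) do not affect the result.
SAMPLE_POLICY = """
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <sp:AsymmetricBinding><wsp:Policy>
    <sp:InitiatorToken><wsp:Policy><sp:SamlToken/></wsp:Policy></sp:InitiatorToken>
  </wsp:Policy></sp:AsymmetricBinding>
  <sp:SignedSupportingTokens><wsp:Policy><sp:SamlToken/></wsp:Policy></sp:SignedSupportingTokens>
  <sp:SupportingTokens><wsp:Policy><sp:SamlToken/></wsp:Policy></sp:SupportingTokens>
  <sp:EndorsingSupportingTokens><wsp:Policy><sp:SamlToken/></wsp:Policy></sp:EndorsingSupportingTokens>
</wsp:Policy>
"""

def classify(ancestors):
    """Apply the three proposed guidelines to a SamlToken's ancestor names."""
    if any(name in BINDINGS for name in ancestors):
        return "holder-of-key"      # inside a Security Binding assertion
    if "SignedSupportingTokens" in ancestors:
        return "sender-vouches"     # signed supporting token, outside any binding
    if "SupportingTokens" in ancestors:
        return "bearer"             # plain supporting token, outside any binding
    return None                     # placement the guidelines do not cover

def infer_confirmation_methods(policy_xml):
    """Return (ancestor path, inferred method) for each SamlToken, in document order."""
    # For policy from an untrusted source, parse with a hardened parser
    # such as defusedxml instead of the standard library.
    root = ET.fromstring(policy_xml)
    results = []

    def walk(elem, ancestors):
        name = elem.tag.rsplit("}", 1)[-1]   # strip the "{namespace}" prefix
        if name == "SamlToken":
            results.append(("/".join(ancestors), classify(ancestors)))
        for child in elem:
            walk(child, ancestors + [name])

    walk(root, [])
    return results

if __name__ == "__main__":
    for path, method in infer_confirmation_methods(SAMPLE_POLICY):
        print(f"{path}: {method or 'not covered by the guidelines'}")
```

The fourth SamlToken, under EndorsingSupportingTokens, falls outside all three guidelines, so the function returns `None` for it rather than guessing a confirmation method.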