RE: [wss-comment] Passing binary data in SAML Assertion Token

["Hal Lockhart" <hlockhar@bea.com>]

A SAML Attribute Statement can contain attributes containing binary values encoded as base64. An application or Authorization Policy can make whatever use it wishes of that information. However, the sender and receiver would have to agree on the format and semantics of the data, by publishing a Profile or by private agreement or some other means.

 

A SAML assertion can also contain binary information (encoded as base64) as a part of the Subject or Subject Confirmation method. For example, a Public key could be included to allow the receiver to subsequently verify the subject's identity by means of a signature.

 

Hal

-----Original Message-----
From: Tony Opatha [mailto:topatha@yahoo.com]
Sent: Friday, September 19, 2003 7:01 PM
To: wss-comment@lists.oasis-open.org
Subject: [wss-comment] Passing binary data in SAML Assertion Token

Is it possible to include binary data in an SAML Assertion token such that

the token is used to identify a SOAP client by inclusion of the token in the

SOAP Security Extension header i.e., <wss:security> element?

 

In the SAML spec it seems like there is a way to pass non-XML application

data that may be processed by a receiving party's security service?

 

It is possible to include binary data in SAML token as part of <saml:Attribute> 

and would conforming WSS SOAP Security implementation accept a SAML

token passed in the SOAP security header with binary token data included in

the Assertion token containing AttributeStatement in binary form?

 

Any help will be appreciated.

---

Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software