Subject: Re: [wss] Comments on SAML Token Profile
Ramana Turlapati wrote:

>1. The example for "sender-vouches" use case seems really complex. Can this
>be substituted with something simpler, say Scenario III from interop draft?
>or alternatively line by line documentation for the current example might
>help.
>

Ramana,

You are the second person to ask for a clarification of the sender-vouches "example". I will add some more explanatory text to the paragraph preceding the example. Below, I have pasted the response I sent when a similar comment was made.

> The sender-vouches example in 3.4.2.3 is perhaps a little more than it
> seems.
>
> The example uses only SAML assertions, and thus there is
> a holder-of-key assertion (referenced by STR 2) from keyInfo that is
> being used to carry the key of the vouching sender. The sender-vouches
> confirmed assertion is referenced from SignedInfo (by id = "#STR1") and
> is being signed by the key in the holder-of-key assertion.
>
> The example could have used a keyIdentifier reference to an X509 cert
> from KeyInfo, but as I noted above, I was trying to show an all SAML example.

>2. Profile does not cover SAML "Bearer" tokens. Is this scoped for future?
>

The profile requires support for the sender-vouches and holder-of-key confirmation mechanisms. It does not preclude the inclusion or referencing of assertions with other confirmation mechanisms (including bearer). It does not profile the confirmation semantics relating to other confirmation mechanisms.

If the TC wishes to add a requirement that implementors of the profile support specific confirmation semantics for other confirmation mechanisms (e.g. "bearer") then we will add them to the profile.

Thanks for the comments, and I hope that my answers are satisfactory,

Ron

>Thanks
>
>/T$R
>(Ramana Turlapati)
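The reference structure described in the reply above, as an added example that is not part of the original message or of the profile's own example: a receiver-side structural check that the signature's KeyInfo resolves to a holder-of-key assertion and that a signed reference resolves to a sender-vouches assertion. The header skeleton, the assertion IDs (`a-sv`, `a-hok`), the placement of STR1 beside the signature and all helper names are constructed assumptions; the namespaces are those of the published WSS 1.0, SAML 1.x and XML Signature specifications.

```python
import xml.etree.ElementTree as ET  # untrusted input: prefer a hardened parser such as defusedxml

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#",
      "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
      "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
      "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"}
CM = "urn:oasis:names:tc:SAML:1.0:cm:"
XMLNS = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())

def assertion(aid, method):
    # Constructed SAML 1.x assertion skeleton; only the parts the check reads.
    return (f'<saml:Assertion AssertionID="{aid}"><saml:AuthenticationStatement><saml:Subject>'
            f'<saml:SubjectConfirmation><saml:ConfirmationMethod>{CM}{method}'
            '</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject>'
            '</saml:AuthenticationStatement></saml:Assertion>')

def token_ref(str_id, aid):
    # Constructed SecurityTokenReference; ValueType attributes omitted for brevity.
    return (f'<wsse:SecurityTokenReference wsu:Id="{str_id}"><wsse:KeyIdentifier>{aid}'
            '</wsse:KeyIdentifier></wsse:SecurityTokenReference>')

# Constructed header: digests and SignatureValue are omitted.
HEADER = (f'<wsse:Security {XMLNS}>' + assertion("a-sv", "sender-vouches")
          + assertion("a-hok", "holder-of-key") + token_ref("STR1", "a-sv")
          + '<ds:Signature><ds:SignedInfo><ds:Reference URI="#STR1"/></ds:SignedInfo>'
          + '<ds:KeyInfo>' + token_ref("STR2", "a-hok") + '</ds:KeyInfo></ds:Signature>'
          + '</wsse:Security>')

def methods_via(root, str_el):
    """Follow an STR's KeyIdentifier to its assertion; return its confirmation methods."""
    aid = (str_el.findtext("wsse:KeyIdentifier", "", NS) or "").strip()
    for a in root.iter(f"{{{NS['saml']}}}Assertion"):
        if a.get("AssertionID") == aid:
            return {m.text.strip() for m in a.iter(f"{{{NS['saml']}}}ConfirmationMethod")}
    return set()

def check_sender_vouches(xml_text):
    """Structural check only; it does not verify the signature itself."""
    root = ET.fromstring(xml_text)
    strs = {s.get(f"{{{NS['wsu']}}}Id"): s
            for s in root.iter(f"{{{NS['wsse']}}}SecurityTokenReference")}
    sig = root.find("ds:Signature", NS)
    if sig is None:
        return False
    key_str = sig.find("ds:KeyInfo/wsse:SecurityTokenReference", NS)
    signed = [strs.get(r.get("URI", "")[1:]) for r in sig.findall("ds:SignedInfo/ds:Reference", NS)]
    key_ok = key_str is not None and CM + "holder-of-key" in methods_via(root, key_str)
    return key_ok and any(s is not None and CM + "sender-vouches" in methods_via(root, s)
                          for s in signed)
```

A message that passes this check still needs full XML Signature validation and validation of both assertions before the vouched-for subject is trusted.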