OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Including SAML AssertionID in the core as a direct ID reference mechanism.

While reviewing various token profiles, we observed that referencing SAML tokens in message signatures seems awkward. 


SOAP Message security defines three mechanisms for ID references:

  • Local ID attributes on XML Signature elements
  • Local ID attributes on XML Encryption elements
  • Global wsu:Id attributes on elements


Earlier, the TC had concluded that SAML tokens using AssertionID violated the rules from the core specification and therefore limited references to using KeyIdentifiers. The recommendation is hence to use an STR with an STR transform or KeyIdentifier to reference SAML tokens from within SignedInfo. We would like to propose adding SAML AssertionID to the list of valid identifiers in section 4 of the core specification so that SAML AssertionId can be directly referenced.




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]