Subject: RE: [saml-dev] SAML, trust and WS.


Hi,
this seems to be something quite important,
so do you think SAML will ever try to address those issues,
or would it let the two main trends (WS-* and Liberty) deal with this?

Thanks.
Giuseppe.

-----Original Message-----
From: Cahill, Conor P [mailto:conor.p.cahill@intel.com] 
Sent: 08 December 2005 16:26
To: Sarno, Giuseppe [MOP:GM15:EXCH]; will@javafreelancer.net;
saml-dev@lists.oasis-open.org
Subject: RE: [saml-dev] SAML, trust and WS.


 


> > could be consumable at multiple destinations using different subject
> > confirmations (you can have more than one).
>
> So what you are saying is we could have the Bearer
> ConfirmationMethod for the local SP and a HolderofKey for the
> remote WebService.
> Are you referring to the Recipient (or address) option (of
> SubjectConfirmationData) where we can specify the network for example?
> (Core page 19)

Both mechanisms are possible but note that you will probably need some
out-of-band understanding of what to do with the token at the SP since
the SP has to "know" what to do with the token when it submits it to the
web service (e.g. the SP could look at the token and just see that it
has a bearer confirmation and try to use that when it should use the HoK
and I don't think there's a way to say in SAML that the SP should use
one vs the other confirmation method when using the token).

Liberty handles this by having a separate data element outside 
of the assertion that instructs the SP on what security mechanism should
be used when invoking the WS.

Conor
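
The situation discussed in this thread, as an added example that is not part of the original messages: a SAML 2.0 assertion carrying both a bearer and a holder-of-key SubjectConfirmation, and an SP that can only choose between them with help from outside the assertion. The hostnames, the `POLICY` mapping and the function names are hypothetical, the sample assertion is constructed, and signature validation and key material are omitted.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"

# Constructed sample: one Subject carrying two SubjectConfirmation elements.
# Hostnames are placeholders; signature and key material are omitted.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID>user@example.org</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://sp.example.org/acs"/>
    </saml:SubjectConfirmation>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
      <saml:SubjectConfirmationData Recipient="https://ws.example.net/service"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
</saml:Assertion>"""

# Hypothetical out-of-band policy: which method each destination must be given.
# The assertion itself cannot express this choice.
POLICY = {"https://sp.example.org/acs": BEARER,
          "https://ws.example.net/service": HOK}


def confirmations(assertion_xml):
    """Return (Method, Recipient) for every SubjectConfirmation in the assertion."""
    root = ET.fromstring(assertion_xml)
    out = []
    for sc in root.findall("saml:Subject/saml:SubjectConfirmation", NS):
        data = sc.find("saml:SubjectConfirmationData", NS)
        out.append((sc.get("Method"), data.get("Recipient") if data is not None else None))
    return out


def select_confirmation(assertion_xml, destination, policy):
    """Pick the confirmation for a destination; fail closed without a policy entry."""
    required = policy.get(destination)
    if required is None:
        raise LookupError("no out-of-band policy for " + destination)
    matches = [c for c in confirmations(assertion_xml)
               if c[0] == required and c[1] in (None, destination)]
    if len(matches) != 1:
        raise ValueError("assertion has %d usable confirmations" % len(matches))
    return matches[0]
```

Failing closed when no policy entry exists keeps the SP from falling back to bearer for a web service that expects holder-of-key.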


