Subject: [Fwd: [wss] Including SAML AssertionID in the core as a direct ID reference mechanism.]

-------- Original Message --------
Subject: [wss] Including SAML AssertionID in the core as a direct ID reference mechanism.
Date: Mon, 18 Oct 2004 17:03:11 -0700
From: Vijay Gajjala <vijayg@microsoft.com>
To: wss@lists.oasis-open.org

While reviewing various token profiles, we observed that referencing SAML tokens in message signatures seems awkward. SOAP Message security defines three mechanisms for ID references:

* Local ID attributes on XML Signature elements
* Local ID attributes on XML Encryption elements
* Global wsu:Id attributes on elements

Earlier, the TC had concluded that SAML tokens using AssertionID violated the rules from the core specification and therefore limited references to using KeyIdentifiers. The recommendation is hence to use an STR with an STR transform or KeyIdentifier to reference SAML tokens from within SignedInfo.

We would like to propose adding SAML AssertionID to the list of valid identifiers in section 4 of the core specification so that SAML AssertionId can be directly referenced.

Vijay
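Added example, not part of the original message or of any WSS implementation: a small same-document reference resolver that applies the three ID mechanisms listed above and, behind a flag, the proposed SAML AssertionID mechanism. The function names, the sample envelope, the use of the SAML 1.x assertion namespace, and the choice to reject an identifier that matches more than one element are assumptions of this example.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"  # assumption: SAML 1.x assertions

# Constructed sample message (simplified envelope, no real signature values).
SAMPLE = f"""<Envelope xmlns:ds="{DS}" xmlns:wsu="{WSU}" xmlns:saml="{SAML}">
  <Header>
    <saml:Assertion AssertionID="_constructed-assertion-1"/>
    <ds:Signature Id="sig-1"><ds:SignedInfo>
      <ds:Reference URI="#_constructed-assertion-1"/>
      <ds:Reference URI="#body-1"/>
    </ds:SignedInfo></ds:Signature>
  </Header>
  <Body wsu:Id="body-1"/>
</Envelope>"""

def element_ids(elem, allow_assertion_id):
    """Yield each identifier the rules above assign to this element."""
    ns = elem.tag[1:].split("}")[0] if elem.tag.startswith("{") else ""
    if ns in (DS, XENC) and "Id" in elem.attrib:   # local Id on ds:/xenc: elements
        yield elem.attrib["Id"]
    if f"{{{WSU}}}Id" in elem.attrib:               # global wsu:Id on any element
        yield elem.attrib[f"{{{WSU}}}Id"]
    if (allow_assertion_id and elem.tag == f"{{{SAML}}}Assertion"
            and "AssertionID" in elem.attrib):      # the proposed addition
        yield elem.attrib["AssertionID"]

def resolve(root, uri, allow_assertion_id=False):
    """Resolve a '#id' reference to one element, or None if nothing matches."""
    if not uri.startswith("#"):
        raise ValueError("only same-document references are handled here")
    hits = [e for e in root.iter() if uri[1:] in element_ids(e, allow_assertion_id)]
    if len(hits) > 1:  # an ambiguous ID must not silently pick one element
        raise ValueError(f"identifier {uri[1:]!r} matches {len(hits)} elements")
    return hits[0] if hits else None

def signed_targets(xml_text, allow_assertion_id):
    """Map each ds:Reference URI to the local name of the element it selects."""
    root = ET.fromstring(xml_text)  # sample input only; not hardened for untrusted XML
    out = {}
    for ref in root.iter(f"{{{DS}}}Reference"):
        target = resolve(root, ref.get("URI", ""), allow_assertion_id)
        out[ref.get("URI")] = None if target is None else target.tag.split("}")[-1]
    return out
```

With the flag off, the reference to the assertion resolves to nothing, which is the situation that forces the STR or KeyIdentifier indirection; with it on, the same reference selects the assertion directly.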