Wednesday, December 12, 2007

OASIS SAML TC Releases Bindings and Profile Specifications for Review

OASIS announced that the Security Services (SAML) Technical Committee
has released five approved Committee Draft specifications for public
review. These specifications are follow-on deliverables to SAML version
2.0.

(1) "SAML V2.0 HTTP POST 'SimpleSign' Binding" adds to the bindings
described in "Bindings for the OASIS Security Assertion Markup Language
(SAML) V2.0." It defines a SAML HTTP protocol binding that uses the HTTP
POST method but does not rely on XML Digital Signature (XMLdsig) for
data origin authentication of the SAML message. Instead it uses a 'sign
the BLOB' technique: the conveyed SAML message, if it is signed, is
treated as a plain octet string and signed as-is, which spares both
sides the XML canonicalization step that XML Signature requires.
Conveyed SAML assertions may still be individually signed with XMLdsig.
Signing is optional in this binding, so a relying party that needs
message-level authentication must require the signature fields and
verify them rather than assume they are present.

(2) "Identity Provider Discovery Service Protocol and Profile" is an
alternative to the SAML V2.0 Identity Provider Discovery profile in the
"Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0"
specification. It defines a generic browser-based protocol by which a
centralized discovery service, implemented independently of any given
service provider, can return to a requesting service provider the
unique identifier of an identity provider that can authenticate a
principal.

(3) "SAML V2.0 Attribute Sharing Profile for X.509 Authentication-Based
Systems" is an alternative to "SAML V2.0 Deployment Profiles for X.509
Subjects." This deployment profile specifies the use of SAML V2.0
attribute queries and assertions to support distributed authorization
for systems that authenticate principals with X.509 certificates.

(4) "SAML V2.0 Deployment Profiles for X.509 Subjects" is an alternative
to "SAML V2.0 Attribute Sharing Profile for X.509 Authentication-Based
Systems." This related set of SAML V2.0 deployment profiles specifies
how a principal who has been issued an X.509 identity certificate is
represented as a SAML Subject, how an assertion about such a principal
is produced and consumed, and finally how two entities exchange
attributes about such a principal.

(5) "SAML V2.0 X.500/LDAP Attribute Profile" supersedes the X.500/LDAP
Attribute Profile in the original OASIS Standard "Profiles for the OASIS
Security Assertion Markup Language (SAML) V2.0." The original profile
produces XML that is well-formed but schema-invalid, a defect that
cannot be corrected without a normative change.
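To make the 'sign the BLOB' idea in (1) concrete, here is an added example, written for this post and not code from the OASIS draft or any SAML implementation. It signs and verifies a SimpleSign-style POST form in Go using only the standard library. The layout of the string to sign (the form field name, the un-encoded SAML message, then &RelayState= and &SigAlg= appended) follows my reading of the SimpleSign draft; the choice of RSA with SHA-256, the SigAlg URI, the sample AuthnRequest and the RelayState value are all assumptions made for the example. The verifier deliberately rejects unsigned forms and unknown SigAlg values, which is the check a relying party has to add itself because the binding leaves signing optional.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// Constructed sample message for the example; not taken from any real deployment.
const sampleRequest = `<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_example" Version="2.0" IssueInstant="2007-12-12T00:00:00Z"/>`

// Assumed SigAlg value: the XML Signature algorithm URI for RSA-SHA256.
// The 2007 draft would more likely have used rsa-sha1; the mechanism is the same.
const sigAlgRSASHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

// Form holds the SimpleSign form controls as they travel in the HTTP POST body.
type Form struct {
	SAMLRequest string // base64 of the raw SAML message
	RelayState  string // opaque value echoed back to the sender, may be empty
	SigAlg      string // algorithm URI the signer used
	Signature   string // base64 of the signature; empty when the message is unsigned
}

// signedInput builds the octet string that is signed: the field name and the
// un-encoded message, then RelayState (only if present), then SigAlg. No XML
// canonicalization is involved; the message bytes are signed exactly as sent.
func signedInput(field, message, relayState, sigAlg string) []byte {
	s := field + "=" + message
	if relayState != "" {
		s += "&RelayState=" + relayState
	}
	s += "&SigAlg=" + sigAlg
	return []byte(s)
}

// Sign produces the four form fields for a SAMLRequest signed with priv.
func Sign(priv *rsa.PrivateKey, message, relayState string) (Form, error) {
	digest := sha256.Sum256(signedInput("SAMLRequest", message, relayState, sigAlgRSASHA256))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return Form{}, err
	}
	return Form{
		SAMLRequest: base64.StdEncoding.EncodeToString([]byte(message)),
		RelayState:  relayState,
		SigAlg:      sigAlgRSASHA256,
		Signature:   base64.StdEncoding.EncodeToString(sig),
	}, nil
}

// Verify reconstructs the signed octet string from the received fields and
// checks the signature. It returns the decoded message only on success.
func Verify(pub *rsa.PublicKey, f Form) (string, error) {
	// The binding makes signing optional; a receiver that needs origin
	// authentication must refuse unsigned messages explicitly.
	if f.Signature == "" {
		return "", errors.New("unsigned message rejected")
	}
	// Pin the algorithm instead of trusting whatever SigAlg the sender supplied.
	if f.SigAlg != sigAlgRSASHA256 {
		return "", fmt.Errorf("unsupported SigAlg %q", f.SigAlg)
	}
	msg, err := base64.StdEncoding.DecodeString(f.SAMLRequest)
	if err != nil {
		return "", fmt.Errorf("bad SAMLRequest encoding: %w", err)
	}
	sig, err := base64.StdEncoding.DecodeString(f.Signature)
	if err != nil {
		return "", fmt.Errorf("bad Signature encoding: %w", err)
	}
	digest := sha256.Sum256(signedInput("SAMLRequest", string(msg), f.RelayState, f.SigAlg))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return "", fmt.Errorf("signature check failed: %w", err)
	}
	return string(msg), nil
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	form, err := Sign(priv, sampleRequest, "https://sp.example.org/return")
	if err != nil {
		panic(err)
	}
	msg, err := Verify(&priv.PublicKey, form)
	fmt.Println("genuine form accepted:", err == nil, "message length:", len(msg))

	// RelayState is covered by the signature, so altering it must fail.
	tampered := form
	tampered.RelayState = "https://attacker.example/"
	_, err = Verify(&priv.PublicKey, tampered)
	fmt.Println("tampered RelayState:", err)
}
```

Note that RelayState is inside the signed string, so a SimpleSign receiver gets integrity on the relay state for free, whereas with a message that carries only an XMLdsig signature on the assertion the RelayState field is unprotected.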