
mace-opensaml-users - RE: OpenSAML for Web Services ???

Subject: OpenSAML user discussion

  • From: "Anderson Jonathan" <>
  • To: "RL 'Bob' Morgan" <>, "nicho mmmmmmm" <>
  • Cc: <>
  • Subject: RE: OpenSAML for Web Services ???
  • Date: Mon, 12 May 2003 11:34:28 -0400
  • Importance: Normal

Part of the problem is that the OASIS SAML TC defined no "SOAP Profile of
SAML" in their 1.0/1.1 specs. They drafted one, and released it to the
OASIS WS-Security TC to own - and the WS-Security TC promptly renamed it the
"WS-Security SAML Token Profile" and listed it alongside the other WS-Security
Token Profiles. Very confusing.

Essentially, the WS-Security SAML Token Profile is the endorsed way to
attach SAML Assertions to SOAP messages - and the spec for it is owned by
the WS-Security TC. DO NOT confuse this with the SOAP-over-HTTP binding of
SAML, which is how you speak the SAML query language over SOAP.
SOAP-over-HTTP is defined in the core SAML spec, and is owned by the SAML
TC.

Hope this helps.
-Jon


-----Original Message-----
From: [mailto:] On Behalf Of RL 'Bob' Morgan
Sent: Monday, May 12, 2003 10:49 AM
To: nicho mmmmmmm
Cc:
Subject: RE: OpenSAML for Web Services ???


On Mon, 12 May 2003, nicho mmmmmmm wrote:

> My question is can we change the source site and the destination site as
> a web services, and user directly access the source site without using
> any browser, JSP and servlet ? with WSDL of the web services provided to
> the user, and the user just need to create a stub to invoke the source
> site through SOAP message ?

The SAML specs only define its use in the web browser scenario.

If the interaction you're trying to secure is between two programmable
entities communicating via SOAP, then you should check out the work of the
OASIS Web Services Security TC:

http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss

The WSS work defines how various kinds of security mechanisms, including
SAML, can be used directly to provide security for SOAP messages. The set
of specs is pretty close to being done.

- RL "Bob"
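
[Added example, not part of the list messages or of OpenSAML:] The distinction drawn in the thread, shown structurally: under the WS-Security SAML Token Profile the assertion rides in the `wsse:Security` header of an application message, while under the SAML SOAP binding a `samlp:Request` or `samlp:Response` is itself the SOAP Body. The two envelopes are constructed samples, `classify` is a hypothetical helper, and the `wsse` namespace is assumed to be the one from the WS-Security 1.0 spec as later published by OASIS.

```python
import xml.etree.ElementTree as ET

# Namespace URIs: SOAP 1.1, SAML 1.x, and WS-Security 1.0 as later published by OASIS.
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:1.0:protocol"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
NS = f'xmlns:S="{SOAP}" xmlns:saml="{SAML}" xmlns:samlp="{SAMLP}" xmlns:wsse="{WSSE}"'

# Constructed sample: an application call carrying an assertion as a security token.
TOKEN_PROFILE_MSG = f"""<S:Envelope {NS}>
  <S:Header><wsse:Security>
    <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_constructed-a1"
        Issuer="https://idp.example.org" IssueInstant="2003-05-12T15:00:00Z"/>
  </wsse:Security></S:Header>
  <S:Body><app:GetQuote xmlns:app="urn:example:app"/></S:Body>
</S:Envelope>"""

# Constructed sample: a SAML protocol request sent to a SAML authority.
SOAP_BINDING_MSG = f"""<S:Envelope {NS}>
  <S:Body>
    <samlp:Request MajorVersion="1" MinorVersion="1" RequestID="_constructed-r1"
        IssueInstant="2003-05-12T15:00:00Z">
      <samlp:AssertionArtifact>CONSTRUCTED-ARTIFACT</samlp:AssertionArtifact>
    </samlp:Request>
  </S:Body>
</S:Envelope>"""

def classify(envelope_xml):
    """Return which SAML usages appear in a SOAP 1.1 envelope (structure only)."""
    # Samples here are trusted; use a hardened parser (e.g. defusedxml) for real traffic.
    root = ET.fromstring(envelope_xml)
    if root.tag != f"{{{SOAP}}}Envelope":
        raise ValueError("not a SOAP 1.1 envelope")
    found = set()
    # Token profile: the assertion is a child of wsse:Security in the SOAP Header.
    for sec in root.findall(f"{{{SOAP}}}Header/{{{WSSE}}}Security"):
        if sec.find(f"{{{SAML}}}Assertion") is not None:
            found.add("wss-saml-token-profile")
    # SOAP binding: samlp:Request or samlp:Response is the payload of the SOAP Body.
    for child in root.findall(f"{{{SOAP}}}Body/*"):
        if child.tag in (f"{{{SAMLP}}}Request", f"{{{SAMLP}}}Response"):
            found.add("saml-soap-binding")
    return found

if __name__ == "__main__":
    print(classify(TOKEN_PROFILE_MSG), classify(SOAP_BINDING_MSG))
```

The check is purely structural: it does not verify signatures, subject confirmation, or assertion validity, all of which a receiver must do before trusting either kind of message.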