mace-opensaml-users - RE: OpenSAML for Web Services ???

Subject: OpenSAML user discussion

  • From: Scott Cantor <>
  • To: 'nicho mmmmmmm' <>
  • Cc:
  • Subject: RE: OpenSAML for Web Services ???
  • Date: Mon, 12 May 2003 11:43:28 -0400
  • Importance: Normal
  • Organization: The Ohio State University

> Essentially, the WS-Security SAML Token Profile is the
> endorsed way to attach SAML Assertions to SOAP messages - and
> the spec for it is owned by the WS-Security TC.

Something else to bear in mind is that the SAML Token Profile (and
WS-Security as a whole) resembles SAML itself in that it is very
use-case-neutral. The mere act of attaching SAML assertions (which can
contain all sorts of information) to SOAP messages is meaningless
without a context in which they're created and evaluated. Without
defining what you're doing and why, you haven't really done anything
useful wrt security.

The higher-layer WS-* specs that are currently not part of any official
standards-setting effort are more specific in addressing specific tasks,
using the lower-layer work from WSS and SAML.

A specific example of a group that is defining a specific use case for
SAML in a SOAP application exchange is Liberty, in the phase 2 specs.
There's an ID-WSF security profiles document by Gary Ellison that
attempts to profile specific uses of SAML in SOAP in the context of web
services.

http://www.projectliberty.org/specs/draft-lib-arch-security-profiles-v1.0-08.pdf

-- Scott
