mace-opensaml-users - Re: Use SAML Assertion as Kerberos Ticket

Subject: OpenSAML user discussion

  • From: Derek Atkins <>
  • To: "Pham Hoai Van" <>
  • Cc: "Tom Scavo" <>, <>
  • Subject: Re: Use SAML Assertion as Kerberos Ticket
  • Date: Wed, 23 Mar 2005 10:13:57 -0500

A SAML Assertion does not include a Shared Secret with which the
holder of the assertion (the user) can assert real-time possession.
In other words, generally the assertions are single-use (unlike
Kerberos tickets which are multiple use) and you handwave around the
potential attacks by using SSL and assuming that someone on the
network can't grab your packets, read your assertion, and replay the
message before the original message gets to the SP.

-derek

"Pham Hoai Van" <> writes:

> Kerberos model:
> http://www.oit.duke.edu/~rob/kerberos/kerbauth.html
>
> Because Kerberos Ticket is not XML-based, I want a replacement of it with
> another XML-based message.
>
> Is it feasible with SAML Assertion?
>
>
> ----- Original Message -----
> From: "Tom Scavo" <>
> To: "Van Hoai" <>
> Cc: <>
> Sent: Wednesday, March 23, 2005 7:42 PM
> Subject: Re: Use SAML Assertion as Kerberos Ticket
>
>
>> Can you be more specific about what you mean by "follow the Kerberos
>> model"?
>>
>> Tom
>>
>>
>> On Wed, 23 Mar 2005 07:20:03 +0000 (GMT), Van Hoai <> wrote:
>>> Hi everybody, I'm new to SAML and sourceid.java.
>>>
>>> I wanna build a security system that follows the Kerberos
>>> model, but instead of Kerberos Ticket I wanna use SAML
>>> Assertion. Is it feasible?
>>>
>>> Thanks in advance.
>>>
>>>
>>> --------------
>>> Pham Hoai Van
>
>
>
>

--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH


PGP key available
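
Added illustration, not part of the original message and not OpenSAML code: the two properties contrasted in the reply above, sketched in Python. `ReplayCache` is a hypothetical service-provider check that enforces one-time use of a bearer assertion; `make_authenticator` and `verify_authenticator` use an HMAC over a timestamp as a simplified stand-in for a Kerberos authenticator built from the shared session key. All names and sample values are constructed.

```python
import hashlib
import hmac


class ReplayCache:
    """One-time-use check a service provider applies to bearer assertions."""

    def __init__(self):
        self._seen = {}  # assertion ID -> NotOnOrAfter (epoch seconds)

    def accept(self, assertion_id, not_on_or_after, now):
        # Forget IDs whose validity window has closed; they fail the time check anyway.
        self._seen = {i: t for i, t in self._seen.items() if t > now}
        if now >= not_on_or_after or assertion_id in self._seen:
            return False  # expired, or this ID was already presented
        self._seen[assertion_id] = not_on_or_after
        return True


def make_authenticator(session_key, ticket_id, timestamp):
    """Client side: bind the ticket to a moment in time using the session key."""
    msg = f"{ticket_id}|{timestamp}".encode()
    return hmac.new(session_key, msg, hashlib.sha256).digest()


def verify_authenticator(session_key, ticket_id, timestamp, mac, now, skew=300):
    """Service side: require a fresh timestamp and a MAC only the key holder can make."""
    if abs(now - timestamp) > skew:
        return False
    expected = make_authenticator(session_key, ticket_id, timestamp)
    return hmac.compare_digest(expected, mac)


def demo():
    # Constructed sample values (IDs, times and keys are not from the thread).
    cache = ReplayCache()
    first = cache.accept("_a1b2c3", not_on_or_after=1300, now=1000)
    replay = cache.accept("_a1b2c3", not_on_or_after=1300, now=1001)
    late = cache.accept("_d4e5f6", not_on_or_after=1300, now=1300)

    key = b"constructed-session-key"
    mac = make_authenticator(key, "ticket-1", 1000)
    holder = verify_authenticator(key, "ticket-1", 1000, mac, now=1010)
    # Reusing the ticket later needs a new MAC, which requires the session key.
    stale = verify_authenticator(key, "ticket-1", 1000, mac, now=2000)
    forged = make_authenticator(b"not-the-key", "ticket-1", 2000)
    no_key = verify_authenticator(key, "ticket-1", 2000, forged, now=2000)
    return first, replay, late, holder, stale, no_key
```

The cache rejects a second presentation of the same assertion ID, but it cannot tell which presenter was the legitimate one; whoever arrives first is accepted, which is the case the reply leaves to SSL.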