OpenSAML user discussion

[Chad La Joie <>]

There are many ways in which you could verify SAML assertions, 
signatures is the most common transport-agnostic manner, TLS is the most 
common transport-specific manner.

A sort of middle ground approach is the currently draft simple signing 
binding (link below), but this is limited to HTTP POST.

http://www.oasis-open.org/committees/download.php/20561/draft-hodges-saml-binding-simplesign-02.pdf

As far as the release date for OpenSAML 2.0 I've stopped trying to 
speculate and have finally resorted to Scott's answer "It'll be done 
when it's done, which will be with the release of Shibboleth 2.0".  The 
TP2 release is fairly stable when it comes to message parsing and 
creation.  The signature work is going to be changed before the final 
release so I wouldn't build a lot of code on top of that yet and the 
binding support isn't included with TP2 (though is in development on the 
trunk).

Manuel Ernstberger wrote:
> Hello,
>
> is it possible to verify SAML assertions without using signatures? Is there 
> perhaps a possibility to compare two SAML assertions?
>
> By the way, do you know when exactly the stable version of opensaml 2.0 will 
> be released? Or can I already work with the TP without having too much 
> problems?
>
> Regards,
>
> Manuel

--
Chad La Joie             2052-C Harris Bldg
OIS-Middleware           202.687.0124