OpenSAML user discussion

[Brent Putman <>]

On 3/25/11 9:08 AM, Frank Mundt wrote:
> I need to sign and encrypt the SOAP Body along with the SAML Assertion
> (I have this working) . I have looked through the OpenSAML, OpenWS and
> XMLTooling projects and I don't see that this capability exists. I'm
> looking at the http://www.w3.org/TR/SOAP-dsig/ spec as a guideline.
> Does anyone know if the w3 spec has been implemented within OpenSAML
> or another compatible library? Or should I consider implementing it.


In addition to what Chad said, I'd point out that, at least as far as I
know, this "spec" (which really isn't a spec, as Chad noted) has
probably been superseded by the WS-Security spec.  This one appears to
have been published in Feb 2001.  WS-S 1.0 came out in March 2004 and
the latest 1.1 was ratified in Feb 2006.   AFAIK, WS-Security is the
defacto standard for signing and encrypting SOAP messages.  I'd also
note (since you mention encryption) that this document predates the XML
Encryption spec and therefore doesn't support encryption
(confidentiality) of the SOAP message, which is supported by WS-S .  
Unless you are working with some (ancient?) piece of software which
requires use of this "spec" for interop, you might want to consider
looking at using WS-Security instead.

OpenSAML does have full support for the schema defined in WS-S 1.1.


http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss