
shibboleth-dev - Re: Draft Holder-of-Key Web SSO Profile

Subject: Shibboleth Developers

  • From: "Diego R. Lopez" <>
  • To:
  • Subject: Re: Draft Holder-of-Key Web SSO Profile
  • Date: Mon, 18 Feb 2008 00:53:11 +0100


On 17 Feb 2008, at 20:45, Tom Scavo wrote:
SAML can be bound to
protocols other than HTTP, e.g. SIP, but I don't know if these
bindings have been standardized or implemented. They're definitely
not the primary use case.

I don't know about SIP, but I can tell you we continue to bind SAML to
X.509 certificates with good success. We are preparing to roll this
out to TeraGrid sites later this month, as a matter of fact.

So are we in eduGAIN, for the so-called automated clients in perfSONAR.

On top of vanilla HTTP, there's SOAP, for
which there might already be options for this sort of integration of
transit-layer security using SOAP with WS-Trust and ID-WSF.

One of the advantages of binding SAML to X.509 is that such tokens can
be used at both the transport level and the message level. If your
application supports WS-Security X.509 Token Profile, it automatically
supports X.509-bound SAML tokens.

Our experience with perfSONAR points to this kind of binding as
key for bringing the federation promise down to the direct interaction
with the lower layers.

Be goode,

--
"This time we will not fail, Doctor Infierno"

Dr Diego R. Lopez

Red.es - RedIRIS
The Spanish NREN

e-mail:

jid:

Tel: +34 955 056 621
Mobile: +34 669 898 094
-----------------------------------------




