Shibboleth Developers

["Diego R. Lopez" <>]

On 17 Feb 2008, at 20:45, Tom Scavo wrote:
> > SAML can be bound to
> > protocols other than HTTP, e.g. SIP, but I don't know if these
> > bindings have been standardized or implemented.  They're definitely
> > not the primary use case.
>
> I don't know about SIP, but I can tell you we continue to bind SAML to
> X.509 certificates with good success.  We are preparing to roll this
> out to TeraGrid sites later this month, as a matter of fact.

So are we in eduGAIN, for the so-called automated clients in perfSONAR.

> > On top of vanilla HTTP, there's SOAP, for
> > which there might already be options for this sort of integration of
> > transit-layer security using SOAP with WS-Trust and ID-WSF.
>
> One of the advantages of binding SAML to X.509 is that such tokens can
> be used at both the transport level and the message level.  If your
> application supports WS-Security X.509 Token Profile, it automatically
> supports X.509-bound SAML tokens.

Our experience with perfSONAR points to this kind of bindings as
key for bringing the federation promise down to the direct interaction
with the lower layers.

Be goode,

--
"Esta vez no fallaremos, Doctor Infierno"

Dr Diego R. Lopez

Red.es - RedIRIS
The Spanish NREN

e-mail: 

jid:    

Tel:    +34 955 056 621
Mobile: +34 669 898 094
-----------------------------------------