
wg-pic - Fwd: A SASL Mechanism for SAML

Subject: Presence and IntComm WG


Fwd: A SASL Mechanism for SAML


  • From: Tom Scavo <>
  • To: PIC WG <>
  • Subject: Fwd: A SASL Mechanism for SAML
  • Date: Fri, 15 Jan 2010 15:12:34 -0600

I haven't read through this yet but it certainly seems to be relevant. Tom

----------------------------------------------------------------------

A SASL Mechanism for SAML
Klaas Wierenga and Eliot Lear (eds), IETF Internet Draft

An initial level -00 Standards Track IETF Internet Draft has been
published for the specification "A SASL Mechanism for SAML." The memo
specifies a SASL mechanism for SAML 2.0 that allows the integration
of existing SAML Identity Providers with applications using SASL.

Details: "Security Assertion Markup Language (SAML) is a multi-party
protocol (or rather set of protocols) that provides a means for a user
to offer identity assertions and other attributes to a relying party
(RP) via the help of an identity provider (IdP).

'Simple Authentication and Security Layer (SASL)' is defined in IETF
Standards Track RFC 4422, edited by Alexey Melnikov and Kurt D.
Zeilenga. The Simple Authentication and Security Layer (SASL) is a
framework for providing authentication and data security services in
connection-oriented protocols via replaceable mechanisms. It provides
a structured interface between protocols and mechanisms. The resulting
framework allows new protocols to reuse existing mechanisms and allows
old protocols to make use of new mechanisms. The framework also
provides a protocol for securing subsequent protocol exchanges within
a data security layer.

SASL is used by application protocols like IMAP, POP and XMPP. The
effect is to make modular authentication, so that newer authentication
mechanisms can be added as needed. This memo specifies just such a
mechanism. As currently envisioned, this mechanism is to allow the
interworking between SASL and SAML in order to assert identity and
other attributes to relying parties. As such, while servers (as relying
parties) will advertise SASL mechanisms (including SAML), clients will
select the SAML SASL mechanism as their SASL mechanism of choice. The
SAML mechanism described in this memo aims to re-use the available SAML
deployment to a maximum extent and therefore does not establish a
separate authentication, integrity and confidentiality mechanism. It
is anticipated that existing security layers, such as Transport Layer
Security (TLS), will continue to be used..."

http://xml.coverpages.org/saml.html#wierenga-ietf-sasl-saml-00
See also the SAML 2.0 Core specification:
http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf

----------------------------------------------------------------------

--
Tom Scavo
http://twitter.com/trscavo
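The quoted abstract describes the negotiation the draft relies on: the server advertises its SASL mechanisms, the client selects one, and SASL itself adds no confidentiality, so an outer layer such as TLS still has to protect the exchange. The following is an added illustration of that negotiation, written for this archive page and not code from the draft, from Cover Pages or from the list. It uses an IMAP-style AUTHENTICATE command with an initial response, a fully worked PLAIN mechanism (RFC 4616) as the replaceable part, and a client selection policy that prefers a SAML mechanism when offered and refuses to send a cleartext password without TLS. The mechanism name "SAML20" and the user database are assumptions; the page does not say what name the draft registers or how its SAML exchange proceeds, so the client stops after selecting it.

```python
import base64
import hmac

# Added example, not the draft's own code. "SAML20" is an assumed mechanism
# name; the page does not state the name the draft registers.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}              # these send the password itself
CLIENT_PREFERENCE = ["SAML20", "SCRAM-SHA-1", "PLAIN"]

# Constructed user database for the demo: authentication id -> password.
USERS = {"alice": "correct horse battery staple"}


def choose_mechanism(advertised, tls_active):
    """Pick the first preferred mechanism the server advertised.

    A cleartext-credential mechanism is only acceptable inside a TLS
    session: SASL provides the framework, not the confidentiality.
    """
    offered = set(advertised)
    for mech in CLIENT_PREFERENCE:
        if mech not in offered:
            continue
        if mech in CLEARTEXT_MECHS and not tls_active:
            continue
        return mech
    return None


def plain_initial_response(authcid, password, authzid=""):
    """Client side of PLAIN: [authzid] NUL authcid NUL passwd (RFC 4616)."""
    for field in (authzid, authcid, password):
        if "\0" in field:
            raise ValueError("NUL is not allowed inside a PLAIN field")
    return f"{authzid}\0{authcid}\0{password}".encode("utf-8")


def plain_verify(message, users):
    """Server side of PLAIN. Returns the authorization identity, or None."""
    parts = message.split(b"\0")
    if len(parts) != 3:
        return None
    try:
        authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    except UnicodeDecodeError:
        return None
    expected = users.get(authcid)
    if expected is None:
        return None
    if not hmac.compare_digest(passwd.encode("utf-8"), expected.encode("utf-8")):
        return None
    # No proxy-authorization policy here: a user may only act as itself.
    if authzid and authzid != authcid:
        return None
    return authcid


def authenticate(advertised, tls_active, authcid, password, users=USERS):
    """Drive one IMAP-style AUTHENTICATE exchange.

    Returns (selected mechanism, authorization id, transcript). The
    transcript lists both sides' messages in the order they are sent.
    """
    transcript = ["S: * CAPABILITY IMAP4rev1 "
                  + " ".join("AUTH=" + m for m in advertised)]
    mech = choose_mechanism(advertised, tls_active)
    if mech is None:
        transcript.append("C: (no acceptable mechanism offered; not authenticating)")
        return None, None, transcript
    transcript.append(f"C: a1 AUTHENTICATE {mech}"
                      + (" <initial-response>" if mech == "PLAIN" else ""))
    if mech != "PLAIN":
        # Only PLAIN is implemented; the draft's SAML exchange is not on this page.
        return mech, None, transcript
    # The application protocol base64-wraps the mechanism's bytes, so the
    # mechanism never sees the protocol framing: that is the SASL interface.
    ir = base64.b64encode(plain_initial_response(authcid, password)).decode("ascii")
    authz = plain_verify(base64.b64decode(ir), users)
    transcript.append("S: a1 OK authenticated" if authz
                      else "S: a1 NO authentication failed")
    return mech, authz, transcript


if __name__ == "__main__":
    for line in authenticate(["PLAIN", "SAML20"], False, "alice", USERS["alice"])[2]:
        print(line)
    for line in authenticate(["PLAIN"], True, "alice", USERS["alice"])[2]:
        print(line)
```

Run as a script, the first exchange selects SAML20 even without TLS because no password leaves the client, while a server offering only PLAIN over a cleartext connection gets no authentication attempt at all; the same `plain_verify` would run unchanged under POP or XMPP framing, which is the reuse the abstract describes.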


