wg-pic - Re: [wg-pic] Fwd: A SASL Mechanism for SAML

Subject: Presence and IntComm WG

  • From: Peter Saint-Andre <>
  • To:
  • Cc: Tom Scavo <>
  • Subject: Re: [wg-pic] Fwd: A SASL Mechanism for SAML
  • Date: Fri, 15 Jan 2010 14:32:32 -0700
  • Openpgp: url=http://www.saint-andre.com/me/stpeter.asc

If you'd like, I can get Klaas and Eliot to join one of our calls. Klaas
used to be active in i2 as I recall. :)

On 1/15/10 2:12 PM, Tom Scavo wrote:
> I haven't read through this yet but it certainly seems to be relevant. Tom
>
> ----------------------------------------------------------------------
>
> A SASL Mechanism for SAML
> Klaas Wierenga and Eliot Lear (eds), IETF Internet Draft
>
> An initial level -00 Standards Track IETF Internet Draft has been
> published for the specification "A SASL Mechanism for SAML." The memo
> specifies a SASL mechanism for SAML 2.0 that allows the integration
> of existing SAML Identity Providers with applications using SASL.
>
> Details: "Security Assertion Markup Language (SAML) is a multi-party
> protocol (or rather set of protocols) that provides a means for a user
> to offer identity assertions and other attributes to a relying party
> (RP) via the help of an identity provider (IdP).
>
> 'Simple Authentication and Security Layer (SASL)' is defined in IETF
> standards Track RFC #4422, edited by Alexey Melnikov and Kurt D.
> Zeilenga. The Simple Authentication and Security Layer (SASL) is a
> framework for providing authentication and data security services in
> connection-oriented protocols via replaceable mechanisms. It provides
> a structured interface between protocols and mechanisms. The resulting
> framework allows new protocols to reuse existing mechanisms and allows
> old protocols to make use of new mechanisms. The framework also
> provides a protocol for securing subsequent protocol exchanges within
> a data security layer.
>
> SASL is used by application protocols like IMAP, POP and XMPP. The
> effect is to make modular authentication, so that newer authentication
> mechanisms can be added as needed. This memo specifies just such a
> mechanism. As currently envisioned, this mechanism is to allow the
> interworking between SASL and SAML in order to assert identity and
> other attributes to relying parties. As such, while servers (as relying
> parties) will advertise SASL mechanisms (including SAML), clients will
> select the SAML SASL mechanism as their SASL mechanism of choice. The
> SAML mechanism described in this memo aims to re-use the available SAML
> deployment to a maximum extent and therefore does not establish a
> separate authentication, integrity and confidentiality mechanism. It
> is anticipated that existing security layers, such as Transport Layer
> Security (TLS), will continue to be used..."
>
> http://xml.coverpages.org/saml.html#wierenga-ietf-sasl-saml-00
> See also the SAML 2.0 Core specification:
> http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
>
> ----------------------------------------------------------------------
>


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature



