wg-pic - Re: [wg-pic] Fwd: A SASL Mechanism for SAML

Re: [wg-pic] Fwd: A SASL Mechanism for SAML


  • From: Jorj Bauer <>
  • To:
  • Cc: Tom Scavo <>
  • Subject: Re: [wg-pic] Fwd: A SASL Mechanism for SAML
  • Date: Thu, 11 Mar 2010 10:48:53 -0500

Hi Peter,

We had a good discussion on this topic last week, focusing on Wierenga and
Lear's I-D. Next week we're going to try to discuss the various AuthN
opportunities for XMPP and see if any of them is something the PICwg would
like to push for. From that point we may want to follow up with Wierenga and
Lear directly - if we go that direction, we'll take you up on your offer of
coordinating with them.

The list of three different AuthN proposals is now in our Wiki space:

https://wiki.internet2.edu/confluence/display/picwg/AuthN+research

If you can't reach that page (it's in our protected space), I believe that
Elaine (on this list) can help out... ?

-- Jorj

On Jan 15, 2010, at 4:32 PM, Peter Saint-Andre wrote:

> If you'd like, I can get Klaas and Eliot to join one of our calls. Klaas
> used to be active in i2 as I recall. :)
>
> On 1/15/10 2:12 PM, Tom Scavo wrote:
>> I haven't read through this yet but it certainly seems to be relevant. Tom
>>
>> ----------------------------------------------------------------------
>>
>> A SASL Mechanism for SAML
>> Klaas Wierenga and Eliot Lear (eds), IETF Internet Draft
>>
>> An initial level -00 Standards Track IETF Internet Draft has been
>> published for the specification "A SASL Mechanism for SAML." The memo
>> specifies a SASL mechanism for SAML 2.0 that allows the integration
>> of existing SAML Identity Providers with applications using SASL.
>>
>> Details: "Security Assertion Markup Language (SAML) is a multi-party
>> protocol (or rather set of protocols) that provides a means for a user
>> to offer identity assertions and other attributes to a relying party
>> (RP) via the help of an identity provider (IdP).
>>
>> 'Simple Authentication and Security Layer (SASL)' is defined in IETF
>> Standards Track RFC #4422, edited by Alexey Melnikov and Kurt D.
>> Zeilenga. The Simple Authentication and Security Layer (SASL) is a
>> framework for providing authentication and data security services in
>> connection-oriented protocols via replaceable mechanisms. It provides
>> a structured interface between protocols and mechanisms. The resulting
>> framework allows new protocols to reuse existing mechanisms and allows
>> old protocols to make use of new mechanisms. The framework also
>> provides a protocol for securing subsequent protocol exchanges within
>> a data security layer.
>>
>> SASL is used by application protocols like IMAP, POP and XMPP. The
>> effect is to make modular authentication, so that newer authentication
>> mechanisms can be added as needed. This memo specifies just such a
>> mechanism. As currently envisioned, this mechanism is to allow the
>> interworking between SASL and SAML in order to assert identity and
>> other attributes to relying parties. As such, while servers (as relying
>> parties) will advertise SASL mechanisms (including SAML), clients will
>> select the SAML SASL mechanism as their SASL mechanism of choice. The
>> SAML mechanism described in this memo aims to re-use the available SAML
>> deployment to a maximum extent and therefore does not establish a
>> separate authentication, integrity and confidentiality mechanism. It
>> is anticipated that existing security layers, such as Transport Layer
>> Security (TLS), will continue to be used..."
>>
>> http://xml.coverpages.org/saml.html#wierenga-ietf-sasl-saml-00
>> See also the SAML 2.0 Core specification:
>> http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
>>
>> ----------------------------------------------------------------------
>>
>
>

Attachment: PGP.sig
Description: This is a digitally signed message part
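The announcement quoted above describes the mechanism only in outline: the SASL server acts as the SAML relying party, the client is redirected to its IdP, and the IdP hands an assertion back to the server, with TLS rather than the mechanism itself protecting the channel. The following is an added example, written for this page and not taken from the Wierenga/Lear draft (which later became RFC 6595), that simulates that exchange end to end so the relying-party checks are visible. Everything in it is constructed: the IdP and server URLs, the entity ID, the user names, and the signing key. Two simplifications are assumptions of the example, not the specification: the AuthnRequest is carried as plain query parameters rather than a deflated, base64-encoded XML AuthnRequest, and an HMAC stands in for the XML-DSig signature the real IdP would produce. The checks it performs are the ones a practitioner would insist on regardless: the assertion's InResponseTo must match an outstanding, unguessable request ID (one-shot, so a replayed or unsolicited assertion is rejected), the audience must be this relying party, the assertion must not be expired, and an authorization identity sent by the client must match the subject the IdP asserted.

```python
import hashlib
import hmac
import secrets
import time
import urllib.parse

# All names, keys and URLs below are constructed for this example.
IDP_SIGNING_KEY = b"constructed-idp-key"            # stand-in for the IdP's XML-DSig key
IDP_SSO_URL = "https://idp.example.edu/saml2/sso"  # assumed IdP single sign-on endpoint
RP_ENTITY_ID = "https://imap.example.org/"          # assumed relying party (SASL server) entity ID
RP_ACS_URL = "https://imap.example.org/saml/acs"   # assumed assertion consumer service URL
EXCHANGE_TIMEOUT = 300                              # seconds a SASL session may wait for the IdP


def _canonical(fields: dict) -> bytes:
    """Deterministic serialisation of the assertion fields (stand-in for XML c14n)."""
    return "|".join(f"{k}={fields[k]}" for k in sorted(fields) if k != "Signature").encode()


def idp_sign(fields: dict) -> dict:
    """IdP side: attach a MAC over the assertion (stand-in for an XML-DSig signature)."""
    signed = dict(fields)
    signed["Signature"] = hmac.new(IDP_SIGNING_KEY, _canonical(fields), hashlib.sha256).hexdigest()
    return signed


class SaslSamlServer:
    """The SASL server (e.g. IMAP or XMPP) acting as SAML relying party."""

    def __init__(self):
        self.pending = {}  # AuthnRequest ID -> (authzid or None, time the request was issued)

    def server_first(self, initial_response: str) -> str:
        """Step 1: the client selected the SAML mechanism and sent a gs2-style
        header 'n,a=<authzid>,' (authzid optional). Reply with the URL the
        client must open at the IdP."""
        parts = initial_response.split(",")
        if len(parts) != 3 or parts[0] != "n" or parts[2] != "":
            raise ValueError("malformed initial response")
        authzid = parts[1][2:] if parts[1].startswith("a=") else None
        request_id = "_" + secrets.token_hex(16)  # unguessable; binds the IdP's reply to this session
        self.pending[request_id] = (authzid, time.time())
        query = urllib.parse.urlencode({"ID": request_id, "Issuer": RP_ENTITY_ID,
                                        "AssertionConsumerServiceURL": RP_ACS_URL})
        return f"{IDP_SSO_URL}?{query}"

    def consume_assertion(self, assertion: dict, now: float = None) -> str:
        """Step 3: the IdP delivered an assertion to the ACS. Validate it, bind it
        to the waiting SASL session and return the authenticated identity."""
        now = time.time() if now is None else now
        expected = hmac.new(IDP_SIGNING_KEY, _canonical(assertion), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, assertion.get("Signature", "")):
            raise PermissionError("bad signature")
        if assertion.get("Audience") != RP_ENTITY_ID:
            raise PermissionError("assertion not addressed to this relying party")
        if now >= float(assertion["NotOnOrAfter"]):
            raise PermissionError("assertion expired")
        session = self.pending.pop(assertion.get("InResponseTo"), None)  # one-shot consumption
        if session is None:
            raise PermissionError("unsolicited or replayed assertion")
        authzid, issued_at = session
        if now - issued_at > EXCHANGE_TIMEOUT:
            raise PermissionError("SASL exchange timed out")
        subject = assertion["Subject"]
        if authzid is not None and authzid != subject:
            raise PermissionError("authorization identity does not match asserted subject")
        return subject


def idp_authenticate(redirect_url: str, user: str, now: float = None) -> dict:
    """Simulated IdP: the user has logged in at the IdP; produce the signed
    assertion the IdP would POST to the relying party's ACS."""
    now = time.time() if now is None else now
    req = dict(urllib.parse.parse_qsl(urllib.parse.urlsplit(redirect_url).query))
    return idp_sign({
        "Issuer": IDP_SSO_URL,
        "Subject": user,
        "Audience": req["Issuer"],
        "InResponseTo": req["ID"],
        "Destination": req["AssertionConsumerServiceURL"],
        "NotOnOrAfter": str(now + 120),
    })


def run_exchange(authzid: str, idp_user: str):
    """Drive the whole exchange; return (identity, server, assertion) for inspection."""
    server = SaslSamlServer()
    url = server.server_first(f"n,a={authzid},")
    # Step 2: the client sends an empty SASL response and waits. The IdP, not
    # the client, delivers the assertion to the server, so the server must
    # correlate it with the pending session by request ID.
    assertion = idp_authenticate(url, idp_user)
    return server.consume_assertion(assertion), server, assertion
```

Because the mechanism adds no integrity or confidentiality layer of its own, the SASL connection carrying the initial response and the redirect URL, and the HTTP connection on which the IdP posts the assertion, both need TLS; nothing in the code above substitutes for that.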


