Archive for September, 2006

SAMLv2: HTTP Post-SimpleSign Binding

Friday, September 8th, 2006

Scott Cantor and I have revised the SAML HTTP POST-NoXMLdsig binding, which I’d posted about a while back.

We’ve renamed the binding to: “HTTP POST-SimpleSign”

The revised spec is here: draft-hodges-saml-binding-simplesign-01.pdf.

Note that the new “SimpleSign” spec obsoletes the old “NoXMLdsig” one.

There are also various other relatively minor (some are subtle-but-important) changes and fixes, such as:

  • Clarified that conveyed assertions may be signed.
  • Added optional conveyance of KeyInfo from XMLdsig in order to supply a hint wrt keying material to the recipient.
  • Clarified composability with other SAML HTTP-based bindings.
  • Revamped illustration.
  • etc.

We’re thinking we’re getting pretty close to being “done” with this particular spec.

FYI, an example SAML profile utilizing this binding is:

SAMLv2 Lightweight Web Browser SSO Profile

How to Study and Learn SAML

Friday, September 8th, 2006

Here’s a doc I recently constructed as an aid for other protocol designers and system/protocol implementors to use in figuring out how to go about “learning SAML”…

Note that this item is also listed over there in the sidebar on the right under the heading “Pages” (on my main blog page).

A new Liberty/SAML opensource project: ZXID

Friday, September 8th, 2006

A new Liberty / SAML opensource project has just emerged — with an emphasis on embedding the identity functionality in the “application layer” and supporting Perl and PHP.

From the web page:

ZXID project has currently (Aug 2006) three outputs

  • libzxid
    • A C library for supporting SAML 2.0, including federated Single Sign-On
  • zxid
    • A C program that implements a SAML Service Provider (SP) as a CGI script
  • Net::SAML
    • A Perl module wrapping libzxid. Also, that implements SP in mod_perl environment, is supplied.

There’s a bunch more information in the PDF readme file.

Check it out.