Archive for September, 2006

SAMLv2: HTTP Post-SimpleSign Binding

Friday, September 8th, 2006

Scott Cantor and I have revised the SAML HTTP POST-NoXMLdsig binding, which I’d posted about a while back.

We’ve renamed the binding to: “HTTP POST-SimpleSign”

The revised spec is here: draft-hodges-saml-binding-simplesign-01.pdf.

Note that the new “SimpleSign” spec obsoletes the old “NoXMLdsig” one.

There are also various other relatively minor changes and fixes (some are subtle but important), such as:

  • Clarified that conveyed assertions may be signed.
  • Added optional conveyance of KeyInfo from XMLdsig in order to supply the recipient with a hint about the keying material.
  • Clarified composability with other SAML HTTP-based bindings.
  • Revamped illustration.
  • etc.

We’re thinking we’re getting pretty close to being “done” with this particular spec.

FYI, an example SAML profile utilizing this binding is:

SAMLv2 Lightweight Web Browser SSO Profile
draft-hodges-saml-lsso-00.txt

How to Study and Learn SAML

Friday, September 8th, 2006

Here’s a doc I recently constructed as an aid for other protocol designers and system/protocol implementors to use in figuring out how to go about “learning SAML”…

http://identitymeme.org/doc/draft-hodges-learning-saml-00.html

Note that this item is also listed over there in the sidebar on the right under the heading “Pages” (on my main blog page).

A new Liberty/SAML opensource project: ZXID

Friday, September 8th, 2006

A new Liberty / SAML opensource project has just emerged — ZXID.org — with an emphasis on embedding the identity functionality in the “application layer” and supporting Perl and PHP.

From the web page:

ZXID project has currently (Aug 2006) three outputs

  • libzxid
    • A C library for supporting SAML 2.0, including federated Single Sign-On
  • zxid
    • A C program that implements a SAML Service Provider (SP) as a CGI script
  • Net::SAML
    • A Perl module wrapping libzxid. Also zxid.pl, that implements SP in mod_perl environment, is supplied.

There’s a bunch more information in the PDF readme file.

Check it out.