SAMLv2: HTTP POST-SimpleSign Binding

Scott Cantor and I have revised the SAML HTTP POST-NoXMLdsig binding, which I’d posted about a while back.

We’ve renamed the binding to: “HTTP POST-SimpleSign”

The revised spec is here: draft-hodges-saml-binding-simplesign-01.pdf.

Note that the new “SimpleSign” spec obsoletes the old “NoXMLdsig” one.

There are also various other relatively minor (some are subtle-but-important) changes and fixes, such as:

  • Clarified that conveyed assertions may be signed.
  • Added optional conveyance of KeyInfo from XMLdsig in order to supply a hint wrt keying material to the recipient.
  • Clarified composability with other SAML HTTP-based bindings.
  • Revamped illustration.
  • etc.

We’re thinking we’re getting pretty close to being “done” with this particular spec.

FYI, an example SAML profile utilizing this binding is:

SAMLv2 Lightweight Web Browser SSO Profile

