Scott and I have updated the SAML-LSSO (Lightweight Web Browser Single-SignOn) profile and SimpleSign binding specs. Together they specify a lightweight SAML profile whose “security knob” can be dialed from completely “Off” to “On” (to various degrees) at implementation and/or deployment time. And if security is “On”, then the SimpleSign technique can be used, and/or […]
I did a cursory analysis of the number of current (as of 4-Oct-2006) IETF Internet-Drafts (I-Ds) that reference or employ SAML, and to what extent they do so. The executive summary of my findings is (click here to skip intro):
SUBSTANTIVE SAML employment: 8 I-Ds
Some SAML Incorporation: […]
So there’s this bit of software called Gizmo that’s pretty cool, available from GizmoProject.com. It’s a SIP (Session Initiation Protocol) -based “softphone” widget, err.. gizmo, that allows one to make voice calls on the Internet, like VoIP, duh.
Anyway, obvious to anyone who’s paid a lick of attention the past few years, this competes with […]
It’s been a long haul, but it’s finally out the door..
Liberty Alliance Releases Final Version of ID-WSF 2.0 Web Services Standards (a comprehensive press release)
The specs themselves are here, and a very useful diagram illustrating the various high-level entity relationships in a deployment is here. If you mouse-over the boxes in the latter diagram, you’ll […]
Scott Cantor and I have updated the SAML HTTP POST-SimpleSign binding, which I’d posted about earlier in September.
The revised spec is here: draft-hodges-saml-binding-simplesign-02.pdf.
We enhanced section “1.2.4 Message Encoding and Conveyance” to allow for conveyance of a signed (via XMLdsig) SAML message via this binding. The primary implication of this change is that […]