Scott Cantor and I have updated the SAML HTTP POST-SimpleSign binding, which I’d posted about earlier in September.

The revised spec is here: draft-hodges-saml-binding-simplesign-02.pdf.

We enhanced section “1.2.4 Message Encoding and Conveyance” to allow for conveyance of a signed (via XMLdsig) SAML message via this binding. The primary implication of this change is that the only material difference between this binding and the “stock” HTTP POST binding in saml-bindings-2.0-os is inclusion of HTTP POST-SimpleSign’s particular sign-the-BLOB signature. We hope that this leads to greater code-reuse and ease for implementors.

We’re thinking we’re getting pretty close to being “done” with this particular spec.

Also, I need to update the SAMLv2 Lightweight Web Browser SSO Profile Internet-Draft (draft-hodges-saml-lsso-00.txt) to reference this new rev of the HTTP POST-SimpleSign binding.

Average Rating: 4.7 out of 5 based on 217 user reviews.

Leave a Reply

You must be logged in to post a comment.