Scott Cantor and I have updated the SAML HTTP POST-SimpleSign binding, which I’d posted about earlier in September.
The revised spec is here: draft-hodges-saml-binding-simplesign-02.pdf.
We enhanced section “1.2.4 Message Encoding and Conveyance” to allow for conveyance of a signed (via XMLdsig) SAML message via this binding. The primary implication of this change is that the only material difference between this binding and the “stock” HTTP POST binding in saml-bindings-2.0-os is inclusion of HTTP POST-SimpleSign’s particular sign-the-BLOB signature. We hope that this leads to greater code-reuse and ease for implementors.
We’re thinking we’re getting pretty close to being “done” with this particular spec.