Latest revisions of SAML-LSSO and SimpleSign specs

Scott and I have updated the SAML-LSSO (Lightweight Web Browser Single-SignOn) profile and SimpleSign binding specs. Together they specify a lightweight SAML profile whose “security knob” can be dialed from completely “Off” to “On” (to various degrees) at implementation and/or deployment time. And if security is “On”, then the SimpleSign technique can be used, and/or the XMLdsig-based technique. The difference between the SimpleSign binding and the original SAMLv2 HTTP POST binding is rather small, and SimpleSign doesn’t obviate any aspects of the other binding, thus present implementations can be easily enhanced to support both bindings with minimal fuss.

Thus we feel one can easily, with SAML, provide the spectrum of simple-no-security-to-simple-but-with-security “Single Sign-On” functionality that various parties are currently running around attempting to reinvent.

The specs are here…

SAMLv2 Lightweight Web Browser SSO Profile

SAMLv2: HTTP POST “SimpleSign” Binding

JeffH sez check ’em out.

One Response to “Latest revisions of SAML-LSSO and SimpleSign specs”

  1. […] Note that this SAML Binding composes with the SAML-lSSO profile spec in order to realize a Lightweight SAML Web Browser SSO profile+binding where security and trust can be dialed from zero to full-on by implementors/deployers, as previously written about here. […]

Leave a Reply

You must be logged in to post a comment.