Scott and I have updated the SAML-LSSO (Lightweight Web Browser Single Sign-On) profile and SimpleSign binding specs. Together they specify a lightweight SAML profile whose “security knob” can be dialed from completely “Off” to “On” (to various degrees) at implementation and/or deployment time. If security is “On”, the SimpleSign technique, the XMLdsig-based technique, or both can be used. The difference between the SimpleSign binding and the original SAMLv2 HTTP POST binding is rather small, and SimpleSign doesn’t obviate any aspect of the other binding, so present implementations can easily be enhanced to support both bindings with minimal fuss.

Thus we feel one can easily, with SAML, provide the spectrum of simple-no-security-to-simple-but-with-security “Single Sign-On” functionality that various parties are currently running around attempting to reinvent.
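To make the “security knob” concrete, here is an added example (my own illustration, not code from the post or from the profile/binding specs): an IdP emits the POST form fields with or without a SimpleSign-style signature, and an SP accepts them under an “off”, “optional” or “required” policy. The signed-string layout (`SAMLResponse=…&RelayState=…&SigAlg=…`) is an assumption modelled on the SimpleSign idea of signing a plain concatenation of form fields rather than the XML, and an HMAC with a constructed shared key stands in for the asymmetric signature the real binding would carry, so it runs offline.

```python
import base64
import hashlib
import hmac

# Constructed demo key: stands in for the IdP signing key / SP trust anchor.
KEY = b"constructed-demo-key-not-for-production"
SIG_ALG = "urn:example:hmac-sha256"  # placeholder SigAlg identifier, not a real one


def signed_string(fields: dict) -> str:
    """Assumed SimpleSign-style input: message field, RelayState if present, SigAlg.
    Values are used as-is (the base64 text itself is what gets signed here)."""
    parts = [f"{n}={fields[n]}" for n in ("SAMLRequest", "SAMLResponse") if n in fields]
    if "RelayState" in fields:
        parts.append(f"RelayState={fields['RelayState']}")
    parts.append(f"SigAlg={fields['SigAlg']}")
    return "&".join(parts)


def idp_build_form(saml_xml: bytes, relay_state: str, sign: bool) -> dict:
    """Form fields an IdP would POST to the SP; sign=False is the knob at 'Off'."""
    form = {"SAMLResponse": base64.b64encode(saml_xml).decode("ascii"),
            "RelayState": relay_state}
    if sign:
        form["SigAlg"] = SIG_ALG
        mac = hmac.new(KEY, signed_string(form).encode("utf-8"), hashlib.sha256).digest()
        form["Signature"] = base64.b64encode(mac).decode("ascii")
    return form


def sp_accept(form: dict, policy: str) -> bool:
    """SP-side knob: 'off' never checks, 'optional' checks only when a Signature
    field is present (so an unsigned or signature-stripped message still passes),
    'required' rejects anything without a valid signature."""
    if policy == "off":
        return True
    if "Signature" not in form:
        return policy == "optional"
    if form.get("SigAlg") != SIG_ALG:
        return False  # unexpected algorithm: do not fall through to a weaker check
    expected = hmac.new(KEY, signed_string(form).encode("utf-8"), hashlib.sha256).digest()
    try:
        got = base64.b64decode(form["Signature"], validate=True)
    except ValueError:
        return False
    return hmac.compare_digest(expected, got)
```

Only the “required” setting detects a modified RelayState or a removed Signature field; “optional” is the dial position where those go unnoticed.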

The specs are here…

SAMLv2 Lightweight Web Browser SSO Profile

SAMLv2: HTTP POST “SimpleSign” Binding

JeffH sez check ’em out.


One Response

  1. […] Note that this SAML Binding composes with the SAML-lSSO profile spec in order to realize a Lightweight SAML Web Browser SSO profile+binding where security and trust can be dialed from zero to full-on by implementors/deployers, as previously written about here. […]
