Archive for the 'Draft Specs' Category

Latest revisions of SAML-lSSO and SAML OpenID Profile

Friday, September 21st, 2007

I’ve updated the SAML-lSSO and SAML OpenID Profile specs just to bring them up-to-date with the latest revisions of various SAML and OpenID specs and to fix minor editorial issues. The SAML-lSSO spec is presently not a current IETF Internet-Draft — its prior version expired a few months ago. We’re thinking about whether we want […]

Latest Revision of SAML HTTP POST-SimpleSign Binding Spec

Friday, February 2nd, 2007

The latest revision of the SAML HTTP POST-SimpleSign Binding Spec is here…

draft-sstc-saml-binding-simplesign-02
http://www.oasis-open.org/committees/download.php/21715/draft-sstc-saml-binding-simplesign-02.pdf
Diff version: draft-sstc-saml-binding-simplesign-02-diff
http://www.oasis-open.org/committees/download.php/21716/draft-sstc-saml-binding-simplesign-02-diff.pdf

The salient difference between this new rev of this spec and the prior rev (which is at “Committee Draft” maturity level and out for Public Review) is that now we sign the SAML protocol message’s raw XML representation, rather than base64 encoding […]

Latest revisions of SAML-LSSO and SimpleSign specs

Thursday, October 26th, 2006

Scott and I have updated the SAML-LSSO (Lightweight Web Browser Single-SignOn) profile and SimpleSign binding specs. Together they specify a lightweight SAML profile whose “security knob” can be dialed from completely “Off” to “On” (to various degrees) at implementation and/or deployment time. And if security is “On”, then the SimpleSign technique can be used, and/or […]

Rev -02 of HTTP Post-SimpleSign Binding

Wednesday, October 4th, 2006

Scott Cantor and I have updated the SAML HTTP POST-SimpleSign binding, which I’d posted about earlier in September.
The revised spec is here: draft-hodges-saml-binding-simplesign-02.pdf.
We enhanced section “1.2.4 Message Encoding and Conveyance” to allow for conveyance of a signed (via XMLdsig) SAML message via this binding. The primary implication of this change is that […]

SAMLv2: HTTP Post-SimpleSign Binding

Friday, September 8th, 2006

Scott Cantor and I have revised the SAML HTTP POST-NoXMLdsig binding, which I’d posted about a while back.
We’ve renamed the binding to: “HTTP POST-SimpleSign”
The revised spec is here: draft-hodges-saml-binding-simplesign-01.pdf.
Note that the new “SimpleSign” spec obsoletes the old “NoXMLdsig” one.
There are also various other relatively minor (some are subtle-but-important) changes and fixes, […]

Liberty ID-WSF 2.0 Draft Release 3 available

Wednesday, June 28th, 2006

The Liberty Alliance recently announced availability of:
ID-WSF 2.0 (DRAFT), the Identity Web Services Framework (ID-WSF), Draft Release 3
We’re getting very close to completing ID-WSFv2.0. I expect the delta between this Draft Release 3 specification set and the WSFv2.0 “final” spec set to be pretty small.
If you are interested in secure, identity-enabled, SOAP-based web services […]

SAMLv2: HTTP POST ‘NoXMLdsig’ Binding

Tuesday, June 13th, 2006

From various discussions held with various folks, e.g. on the IDWorkshop mailing list (aka “Identity Gang”), it has become apparent that the major sticking point w.r.t. SAMLv2 adoption in some quarters, e.g. in the “scripting” world (e.g. PHP/Perl/Python/Ruby), is the present SAMLv2 bindings’ mandated reliance on XML Digital Signature (aka “XMLdsig”, http://www.w3.org/TR/xmldsig-core/). Interoperable XMLdsig libraries […]