Archive for the 'SAML' Category

Latest revisions of SAML-LSSO and SimpleSign specs

Thursday, October 26th, 2006

Scott and I have updated the SAML-LSSO (Lightweight Web Browser Single-SignOn) profile and SimpleSign binding specs. Together they specify a lightweight SAML profile whose “security knob” can be dialed from completely “Off” to “On” (to various degrees) at implementation and/or deployment time. And if security is “On”, then the SimpleSign technique can be used, and/or […]

A Passel of IETF Internet-Drafts Reference SAML

Wednesday, October 11th, 2006

I did a cursory analysis of the number of current (as of 4-Oct-2006) IETF Internet-Drafts (I-Ds) that reference or employ SAML, and to what extent they do so. The executive summary of my findings is (click here to skip intro):

SUBSTANTIVE SAML employment: 8 I-Ds
Some SAML Incorporation: […]

Rev -02 of HTTP Post-SimpleSign Binding

Wednesday, October 4th, 2006

Scott Cantor and I have updated the SAML HTTP POST-SimpleSign binding, which I’d posted about earlier in September.
The revised spec is here: draft-hodges-saml-binding-simplesign-02.pdf.
We enhanced section “1.2.4 Message Encoding and Conveyance” to allow for conveyance of a signed (via XMLdsig) SAML message via this binding. The primary implication of this change is that […]

SAMLv2: HTTP Post-SimpleSign Binding

Friday, September 8th, 2006

Scott Cantor and I have revised the SAML HTTP POST-NoXMLdsig binding, which I’d posted about a while back.
We’ve renamed the binding to: “HTTP POST-SimpleSign”
The revised spec is here: draft-hodges-saml-binding-simplesign-01.pdf.
Note that the new “SimpleSign” spec obsoletes the old “NoXMLdsig” one.
There’s also various other relatively minor (some are subtle-but-important) changes and fixes, […]

How to Study and Learn SAML

Friday, September 8th, 2006

Here’s a doc I recently constructed as an aid for other protocol designers and system/protocol implementors to use in figuring out how to go about “learning SAML”…
http://identitymeme.org/doc/draft-hodges-learning-saml-00.html
Note that this item is also listed over there in the sidebar on the right under the heading “Pages” (on my main blog page).
Technorati Tags: saml

Another “identity topic” blogger…

Wednesday, August 9th, 2006

The thoughtful Roger Sullivan makes his blogosphere appearance..
From the desk of Roger Sullivan…
Welcome Roger!
No Tags

All Declared SAML IPR Statements are now “defensive suspension”

Wednesday, June 28th, 2006

See..
SAML IPR statements have been revised to explicit “defensive suspension”

..though don’t forget to also see this following message noting that AOL lead this charge by example, which those of us working behind the scenes to effect this overall posture liberally pointed to..
Re: SAML IPR statements have been revised toexplicit “defensive suspension”

The SSTC/SAML IPR Statements […]

SAMLv2: HTTP POST ‘NoXMLdsig’ Binding

Tuesday, June 13th, 2006

From various discussions held with various folks, e.g. on the IDWorkshop mailing list (aka “Identity Gang“), it has become apparent that the major sticking point w.r.t. SAMLv2 adoption in some quarters, e.g. in the “scripting” world (e.g. PHP/Perl/Python/Ruby), is the present SAMLv2 bindings‘ mandated reliance on XML Digital Signature (aka “XMLdsig”, http://www.w3.org/TR/xmldsig-core/). Interoperable XMLdsig libraries […]

Of SAML adoption…

Friday, May 12th, 2006

It turns out the Google has implemented SAML-based single sign-on in their Google Search Appliance gizmo.
Technorati Tags: Open Standards, saml

RSA alters SAML patent licensing posture to be “defensive suspension”

Friday, May 12th, 2006

So, unfortunately for a while now, a few companies have asserted that they hold IP (Intellectual Property, typically in the form of issued patents) that applies to various aspects of SAML. RSA Security is one of these companies, and it even went so far as to “require” those implementing SAML to fill-out a license application […]