The SAML token profile defines how one uses one of two
SAML-specified confirmation mechanisms (sender-vouches and holder of key)
to bind an assertion (containing one or more subject statements each
with embedded subject identifier) to a SOAP msg.
Said another way, the SAML token profile provides 2 mechanisms to identify
the "client" of a SOAP msg in a manner such that a msg receiver can
the binding of the assertion (and thus the subjects that it contains) to
Additional identifying attributes can also be conveyed within the SAML
but neither SAML nor the SAML token profile standardizes specific attributes
to be included in assertions.
SAML defines the values that can be carried as the subject in subject
Tony Opatha wrote:
Is it possible to include binary data in an SAML Assertion token such that
the token is used to identify a SOAP client by inclusion of the token
SOAP Security Extension header i.e., <wss:security> element?
In the SAML spec it seems like there is a way to pass non-XML application
data that may be processed by a receiving party's security service?
It is possible to include binary data in SAML token as part of
and would conforming WSS SOAP Security implementation accept a SAML
token passed in the SOAP security header with binary token data
the Assertion token containing AttributeStatement in binary form?
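
Added example, not part of the original thread: a receiver-side check that reads each subject statement of an assertion carried in the SOAP security header and reports which of the two confirmation methods it declares. It assumes SAML 1.1 and WSS 1.0 namespaces and uses a constructed, trimmed sample message; the function name is hypothetical, and signature verification is out of scope.

```python
import xml.etree.ElementTree as ET

# Assumed versions (not stated in the thread): SAML 1.1 assertions, WSS 1.0 header.
NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
CM = "urn:oasis:names:tc:SAML:1.0:cm:"
KNOWN = {CM + "sender-vouches": "sender-vouches", CM + "holder-of-key": "holder-of-key"}

def classify_subjects(soap_xml):
    """Return one (name_identifier, method, problem) tuple per declared method."""
    root = ET.fromstring(soap_xml)
    results = []
    for assertion in root.iterfind(".//wsse:Security/saml:Assertion", NS):
        # Every statement (authentication, attribute, ...) embeds its own Subject.
        for subject in assertion.iterfind("*/saml:Subject", NS):
            name = subject.findtext("saml:NameIdentifier", default="", namespaces=NS).strip()
            conf = subject.find("saml:SubjectConfirmation", NS)
            if conf is None:
                results.append((name, None, "no SubjectConfirmation"))
                continue
            for m in conf.iterfind("saml:ConfirmationMethod", NS):
                method = KNOWN.get((m.text or "").strip())
                problem = None
                if method is None:
                    problem = "unrecognised confirmation method"
                elif method == "holder-of-key" and conf.find("ds:KeyInfo", NS) is None:
                    # Holder-of-key needs the key the subject must prove possession of.
                    problem = "holder-of-key without ds:KeyInfo"
                results.append((name, method, problem))
    return results

# Constructed sample: one assertion, two statements, required attributes trimmed.
SAMPLE = f"""<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="{NS['wsse']}" xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}">
 <S:Header><wsse:Security><saml:Assertion>
  <saml:AuthenticationStatement><saml:Subject>
   <saml:NameIdentifier>alice</saml:NameIdentifier><saml:SubjectConfirmation>
    <saml:ConfirmationMethod>{CM}sender-vouches</saml:ConfirmationMethod>
   </saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement>
  <saml:AttributeStatement><saml:Subject>
   <saml:NameIdentifier>bob</saml:NameIdentifier><saml:SubjectConfirmation>
    <saml:ConfirmationMethod>{CM}holder-of-key</saml:ConfirmationMethod>
   </saml:SubjectConfirmation></saml:Subject></saml:AttributeStatement>
 </saml:Assertion></wsse:Security></S:Header><S:Body/></S:Envelope>"""

if __name__ == "__main__":
    print(classify_subjects(SAMPLE))
```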