I've been looking at using SAML tokens signed by the issuer to authorize
access to a service. We're planning to use bearer confirmation, and keep
the tokens secure by always using secure transport (without any
message-level signing or encryption). I've got two questions in regard
to this configuration:

1. Can the WS-SecurityPolicy for the services be structured to require
   the presence of a SAML token signed by a particular issuer (as
   identified by an X.509 certificate)?
2. Is there anything in the WS-Security specification or related
   specifications which requires services to verify the issuer signature of
   a SAML token used in this way?

Thanks,
- Dennis
--
This publicly archived list offers a means to provide input to the
OASIS Web Services Secure Exchange (WS-SX) TC.