Continuing in the vein of exploring how to make things easier
implementation-wise for web sso relying parties, aka "service providers" --
which is a significant aspect of what's been discussed on this list -- we've
crafted a "SAMLv2 Lightweight Web Browser SSO Profile":

  http://www.ietf.org/internet-drafts/draft-hodges-saml-lsso-00.txt

This profile builds upon the "HTTP-POST-NoXMLdsig" SAML binding referenced in a
prior message [1].

We understand that the overall problem space being discussed on this list goes
beyond "simple web SSO", but there are several reasons we feel it worthwhile to
craft a simple, lightweight, SAML web sso profile and contribute it to the
discussion:

  * it is a large multi-faceted problem space and we find it valuable
    to break things down into smaller pieces

  * we want to explore which "knobs and buttons" in the existing SAML Web
    SSO Profile we can "turn down" in order to simplify service provider
    implementation and deployment effort [2]

  * we want to explore whether we can craft things such that the solutions
    for the other portions of the problem space can leverage a SAML
    profile such as this

  * there are a non-trivial number of SAML-based deployments [3]
    and products [4], so crafting a lightweight SSO mechanism that
    more closely resembles an existing SAML profile has the benefit
    of facilitating migration/interoperation for implementors and
    deployers

JeffH

[1] fyi: SAMLv2: HTTP POST “NoXMLdsig” Binding
    http://www1.ietf.org/mail-archive/web/dix/current/msg00720.html

[2] e.g. by constraining the set of SAML bindings the web sso profile relies
    upon, e.g. the artifact binding -- which requires "callbacks" on the part
    of the SP to the IDP/identity agent -- implementation, and especially
    deployment is significantly simplified.

[3] e.g.: http://shibboleth.internet2.edu/seas.html
          http://shibboleth.internet2.edu/community.html
          http://www.openidp.org/
          http://www.athensams.net/local_auth/saml/
          http://xml.coverpages.org/OblixSouthwestAirlines.html

[4] e.g.: http://www.opensaml.org/
          http://www.sourceid.org/projects/saml-1.1-toolkit.html
          http://sourceforge.net/projects/guanxi/
          http://www.projectliberty.org/activities/conformant_products.php#SAML2

-------- Original Message --------
Subject: I-D ACTION:draft-hodges-saml-lsso-00.txt
Date: Thu, 22 Jun 2006 10:50:02 -0400
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [email protected]

A New Internet-Draft is available from the on-line Internet-Drafts directories.

    Title     : SAMLv2 Lightweight Web Browser SSO Profile
    Author(s) : J. Hodges, S. Cantor
    Filename  : draft-hodges-saml-lsso-00.txt
    Pages     : 28
    Date      : 2006-6-22

This document specifies a SAMLv2 lightweight Web Browser Single
Sign-On Profile. This profile is modeled on the OASIS SAMLv2 Web
Browser SSO profile, adding various constraints, and using a new
lightweight SAMLv2 HTTP POST binding which does not rely on XML
Digital Signature -- relying on a more simple-to-implement signature
approach instead.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-hodges-saml-lsso-00.txt

<snip/>
---
end