Hi List, At the moment Rampart/C has an implementation of SAML 1.1 specification. This implementation facilitates creation and processing of SAML 1.1 Assertions. SAML token profile 1.0 is also implemented into the Rampart/C. This token profile facilitate the sending and processing of SAML Assertions inside the security header. I think it is time to implement SAML 2.0.
AFAIK SAML 2.0 doesn't has a token profile for Web Services. So the initial implementation will focus on creation and processing of SAML tokens and nothing will be asserted about how the SAML tokens are sent in the Security header. One option is to send them as custom tokens. SAML 2.0 implementation will focus on the SAML Assertions. This implementation will be a tree like structure (Object model) which can be used for easy processing of SAML Assertions. For example something like struct saml2_assertion_t will be at the top and all other structures representing the SAML constructs like statements, conditions will be fields in this saml2_assertion_t. Structures like saml2_statement_t will host other structures forming a tree like structure. Any comments are highly appreciated. Regards, Supun..
