
Re: SAML - Re: [foaf-protocols] WebID test suite

From: Matt DeMoss <demoss.matt@gmail.com>
Date: Wed, 29 Jun 2011 15:17:27 -0400
Message-ID: <BANLkTi=0Gv5ct5UVMhe-8fxZj7OsR9rXTw@mail.gmail.com>
To: Henry Story <henry.story@bblfish.net>
Cc: Kingsley Idehen <kidehen@openlinksw.com>, Peter Williams <home_pw@msn.com>, "public-xg-webid@w3.org" <public-xg-webid@w3.org>
> it requires the browser to generate some SAML token

I didn't read it that way. Step 5 describes "Identity Provider Issues
<samlp:Response> to Service Provider (section 2.6.5)" The browser then
delivers the response to the service provider. This can be done via
redirect, POST, or artifact (cookie), but I don't think it is
necessary that the browser understands what is in the response.

It is very similar to the Browser SSO profile except that the response
is arguably better protected against loss.

On Wed, Jun 29, 2011 at 3:37 AM, Henry Story <henry.story@bblfish.net> wrote:
>
> On 29 Jun 2011, at 00:55, Matt DeMoss wrote:
>
>> Earlier in the thread I half-remembered a SAML profile that seemed to
>> have something in common with WebID.
>>
>> This is the profile I was remembering:
>>
>> http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-holder-of-key-browser-sso.html
>
> Thanks, good find. It looks - on very quick perusal - that the protocol is somewhat different, in that it requires the browser to generate some SAML token, requiring changes to the browser. But that is a good reference to add to our
> ISSUE-30.
>
> Perhaps people with more SAML background can give us deeper insight into this.
>
> Henry
>
>
>>
>> On Tue, Jun 28, 2011 at 6:16 PM, Kingsley Idehen <kidehen@openlinksw.com> wrote:
>>> On 6/28/11 10:39 PM, Peter Williams wrote:
>>>>
>>>> do use one of the standard assertion formats. Don't make a custom profile
>>>> of it. A good test is that if you use openid or ws-fedp that it works with
>>>> Microsoft ACS as the assertion consuming party. if you choose SAML2 (now
>>>> commodity in windows!), ensure it works with ADFS as the assertion consuming
>>>> engine. These products (ACS and ADFS) are "final stage" products, way
>>>> post-research phase, entering the market at the commoditization point defined
>>>> as one that maximizes interoperability. if you can inter with them, you
>>>> stand a good chance of interworking with the vast majority of other vendors'
>>>> equivalent implementations.
>>>
>>> For us middleware types, pragmatic interop is the name of the game. On our
>>> part we'll map whatever exists to WebID in order for it to gain traction :-)
>>>
>>> We'll take a look at ADFS and SAML2 on Windows re. additional WebID protocol
>>> bridging. Windows isn't foreign territory to us.
>>>
>>> --
>>>
>>> Regards,
>>>
>>> Kingsley Idehen
>>> President & CEO
>>> OpenLink Software
>>> Web: http://www.openlinksw.com
>>> Weblog: http://www.openlinksw.com/blog/~kidehen
>>> Twitter/Identi.ca: kidehen
>>>
>>
>
> Social Web Architect
> http://bblfish.net/
>
>
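The point Matt makes above is that in the holder-of-key profile the browser only relays the <samlp:Response> to the service provider, and that the response is "better protected against loss" than a plain Browser SSO bearer assertion. The reason is the subject confirmation: the identity provider binds the assertion to the key of the browser's TLS client certificate, so a relying party must check that the certificate presented on its own TLS connection matches the one named in the assertion before accepting the login. The following Python example, added here and not taken from the thread, the SAML specification or any WebID project code, shows that service-provider-side check over a constructed response; the certificate bytes, IDs and issuer URL are placeholders. It assumes that XML signature verification of the assertion has already succeeded (a check that precedes this one in a real SP, since otherwise anyone could insert their own KeyInfo).

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Namespace URIs and confirmation-method URIs from SAML 2.0 core and XML Signature.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed stand-in for the DER bytes of the browser's TLS client certificate
# (a real SP takes these from the TLS layer of the connection that delivered the response).
CONSTRUCTED_CLIENT_CERT = b"constructed DER bytes standing in for the browser client certificate"
CONSTRUCTED_CLIENT_CERT_B64 = base64.b64encode(CONSTRUCTED_CLIENT_CERT).decode()

# Constructed <samlp:Response> carrying one holder-of-key SubjectConfirmation
# whose KeyInfo names the client certificate. IDs and issuer are placeholders.
SAMPLE_HOK_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    xmlns:ds="{NS['ds']}" ID="_constructed-response" Version="2.0">
  <saml:Assertion ID="_constructed-assertion" Version="2.0">
    <saml:Issuer>https://idp.example/</saml:Issuer>
    <saml:Subject>
      <saml:NameID>alice</saml:NameID>
      <saml:SubjectConfirmation Method="{HOLDER_OF_KEY}">
        <saml:SubjectConfirmationData>
          <ds:KeyInfo><ds:X509Data>
            <ds:X509Certificate>{CONSTRUCTED_CLIENT_CERT_B64}</ds:X509Certificate>
          </ds:X509Data></ds:KeyInfo>
        </saml:SubjectConfirmationData>
      </saml:SubjectConfirmation>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# The same response with a bearer confirmation method: whoever holds it can present
# it, so the key check below must not accept it (constructed for contrast only).
SAMPLE_BEARER_RESPONSE = SAMPLE_HOK_RESPONSE.replace(HOLDER_OF_KEY, BEARER)


def hok_certificates(response_xml: str) -> list:
    """Return the whitespace-normalised base64 certificates from every
    holder-of-key SubjectConfirmation; empty if the response is bearer-only."""
    root = ET.fromstring(response_xml)
    certs = []
    for sc in root.iterfind(".//saml:Assertion/saml:Subject/saml:SubjectConfirmation", NS):
        if sc.get("Method") != HOLDER_OF_KEY:
            continue
        path = "saml:SubjectConfirmationData/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
        for cert in sc.iterfind(path, NS):
            certs.append("".join((cert.text or "").split()))
    return certs


def confirm_holder_of_key(response_xml: str, presented_cert_der: bytes) -> bool:
    """True only if the certificate the browser presented on the SP's TLS
    connection matches a certificate bound into a holder-of-key confirmation."""
    presented = hashlib.sha256(presented_cert_der).digest()
    for b64 in hok_certificates(response_xml):
        try:
            asserted = base64.b64decode(b64, validate=True)
        except ValueError:
            continue  # malformed KeyInfo content never confirms anything
        if hashlib.sha256(asserted).digest() == presented:
            return True
    return False


if __name__ == "__main__":
    print(confirm_holder_of_key(SAMPLE_HOK_RESPONSE, CONSTRUCTED_CLIENT_CERT))     # True
    print(confirm_holder_of_key(SAMPLE_HOK_RESPONSE, b"someone else's cert"))      # False
    print(confirm_holder_of_key(SAMPLE_BEARER_RESPONSE, CONSTRUCTED_CLIENT_CERT))  # False
```

The comparison is over a digest of the DER bytes rather than the base64 text so that line-wrapping inside <ds:X509Certificate> does not matter; a response that was copied or intercepted in transit fails the check because the interceptor cannot present the subject's private key on the TLS connection, which is the "protection against loss" the profile provides. For production use, parse the response with a hardened XML parser and verify the assertion signature before calling this check.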
Received on Wednesday, 29 June 2011 19:17:54 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:24 UTC