- From: Scott Cantor <cantor.2@osu.edu>
- Date: Fri, 15 Aug 2008 12:47:53 -0400
- To: "'Sean Mullan'" <Sean.Mullan@Sun.COM>, <public-xmlsec@w3.org>
> Does anyone have a reference to the SAML simple sign mechanism or can > explain it in more detail? http://wiki.oasis-open.org/security/SimpleSignBinding There's not much to explain, it signs an entire XML document as a blob using a medium (HTTP forms) where a signature can accompany the document separately. It's somewhat like S/MIME, except that the same people who refuse to use XML Signature aren't generally any more enamored of S/MIME, and using multipart submissions is just harder to get a browser to handle. A non-browser use case wouldn't be as hostile to S/MIME as a solution. I anticipate similar mechanisms or S/MIME itself being the obvious choice to secure web services, particularly without SOAP. -- Scott
Received on Friday, 15 August 2008 16:48:37 UTC