RE: IBM/MSFT whitepaper on secure, reliable, transacted Web serv ices


> -----Original Message-----
> From: Cutler, Roger (RogerCutler) 
> [] 
> Sent: Monday, September 29, 2003 5:39 PM
> To: Sanjiva Weerawarana;;
> Subject: RE: IBM/MSFT whitepaper on secure, reliable, 
> transacted Web services
> I know that this is a dumb question, but could you explain 
> how the WS-* specs relate to SAML?  Is the SAML functionality 
> in WS-* somewhere, so that the specs are incompatible?  Or 
> does WS-* operate in a different space and interact with SAML somehow?

As best I understand it, WS-Security provides a framework for exchanging /
negotiating security-related information, and SAML would describe one
particular type of payload for WS-Security messages, i.e. those that make
assertions about identity, authentication, authorization, etc.  They are
definitely complementary, not competitive: WS-Security talks about SOAP
headers and provides a generic security processing model; SAML doesn't know
anything about SOAP but knows a lot more about the details of security

Received on Monday, 29 September 2003 18:55:45 UTC