[dix] fyi: SAMLv2 Lightweight Web Browser SSO Profile
Jeff Hodges <Jeff.Hodges@neustar.biz> Sat, 24 June 2006 18:18 UTC
Message-ID: <449D81C4.8060706@neustar.biz>
Date: Sat, 24 Jun 2006 11:17:40 -0700
From: Jeff Hodges <Jeff.Hodges@neustar.biz>
To: Digital Identity Exchange <dix@ietf.org>
Continuing in the vein of exploring how to make things easier implementation-wise for web sso relying parties, aka "service providers" -- which is a significant aspect of what's been discussed on this list -- we've crafted a "SAMLv2 Lightweight Web Browser SSO Profile":

http://www.ietf.org/internet-drafts/draft-hodges-saml-lsso-00.txt

This profile builds upon the "HTTP-POST-NoXMLdsig" SAML binding referenced in a prior message [1].

We understand that the overall problem space being discussed on this list goes beyond "simple web SSO", but there are several reasons we feel it worthwhile to craft a simple, lightweight, SAML web sso profile and contribute it to the discussion:

* it is a large multi-faceted problem space and we find it valuable to break things down into smaller pieces

* we want to explore which "knobs and buttons" in the existing SAML Web SSO Profile we can "turn down" in order to simplify service provider implementation and deployment effort [2]

* we want to explore whether we can craft things such that the solutions for the other portions of the problem space can leverage a SAML profile such as this

* there are a non-trivial number of SAML-based deployments [3] and products [4], so crafting a lightweight SSO mechanism that more closely resembles an existing SAML profile has the benefit of facilitating migration/interoperation for implementors and deployers

JeffH

[1] fyi: SAMLv2: HTTP POST "NoXMLdsig" Binding
http://www1.ietf.org/mail-archive/web/dix/current/msg00720.html

[2] e.g. by constraining the set of SAML bindings the web sso profile relies upon, e.g. the artifact binding -- which requires "callbacks" on the part of the SP to the IDP/identity agent -- implementation, and especially deployment, is significantly simplified.

[3] e.g.:
http://shibboleth.internet2.edu/seas.html
http://shibboleth.internet2.edu/community.html
http://www.openidp.org/
http://www.athensams.net/local_auth/saml/
http://xml.coverpages.org/OblixSouthwestAirlines.html

[4] e.g.:
http://www.opensaml.org/
http://www.sourceid.org/projects/saml-1.1-toolkit.html
http://sourceforge.net/projects/guanxi/
http://www.projectliberty.org/activities/conformant_products.php#SAML2

-------- Original Message --------
Subject: I-D ACTION:draft-hodges-saml-lsso-00.txt
Date: Thu, 22 Jun 2006 10:50:02 -0400
From: Internet-Drafts@ietf.org
Reply-To: internet-drafts@ietf.org
To: i-d-announce@ietf.org

A New Internet-Draft is available from the on-line Internet-Drafts directories.

Title : SAMLv2 Lightweight Web Browser SSO Profile
Author(s) : J. Hodges, S. Cantor
Filename : draft-hodges-saml-lsso-00.txt
Pages : 28
Date : 2006-6-22

This document specifies a SAMLv2 lightweight Web Browser Single Sign-On Profile. This profile is modeled on the OASIS SAMLv2 Web Browser SSO profile, adding various constraints, and using a new lightweight SAMLv2 HTTP POST binding which does not rely on XML Digital Signature -- relying on a more simple-to-implement signature approach instead.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-hodges-saml-lsso-00.txt

<snip/>

--- end