[OAUTH-WG] draft-ietf-oauth-saml2-bearer-10 question

Lewis Adam-CAL022 <Adam.Lewis@motorolasolutions.com> Fri, 06 April 2012 01:36 UTC

From: Lewis Adam-CAL022 <Adam.Lewis@motorolasolutions.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: draft-ietf-oauth-saml2-bearer-10 question
Date: Fri, 06 Apr 2012 01:35:49 +0000
Message-ID: <59E470B10C4630419ED717AC79FCF9A906DCC7@CH1PRD0410MB369.namprd04.prod.outlook.com>

Hi,

Reading draft-ietf-oauth-saml2-bearer-10, it states:

   The process by which the client obtains the SAML Assertion, prior to
   exchanging it with the authorization server or using it for client
   authentication, is out of scope.

Accepting that it's out of scope for the draft, what are the realistic alternatives for obtaining the SAML assertion out of band?  WS-Trust provides a direct method to request a SAML assertion from an STS, and the SAML ECP profile seems to allow this behavior, but it doesn't seem like ECP is very well supported.  What other viable means are there for a client to directly request a SAML assertion from an assertion issuer?

Tx!
adam
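An added illustration (not part of this post, the draft, or any vendor's toolkit) of the two steps the question keeps apart: a client asking an STS for a SAML 2.0 assertion over WS-Trust 1.3, then presenting that assertion in a saml2-bearer token request. The STS reply and the authorization-server token URL are constructed here; the grant-type URN and the base64url-without-padding encoding follow the published form of this draft (RFC 7522).

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
WSA = "http://www.w3.org/2005/08/addressing"
SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
SAML2_TOKEN = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
GRANT = "urn:ietf:params:oauth:grant-type:saml2-bearer"
AS_TOKEN_URL = "https://as.example.com/token"  # assumed authorization server token endpoint
ET.register_namespace("saml", SAML2)

def build_rst(audience):
    """WS-Trust 1.3 Issue request for a SAML 2.0 token scoped (AppliesTo) to the AS."""
    return (f'<wst:RequestSecurityToken xmlns:wst="{WST}" xmlns:wsp="{WSP}" xmlns:wsa="{WSA}">'
            f'<wst:RequestType>{WST}/Issue</wst:RequestType><wst:TokenType>{SAML2_TOKEN}</wst:TokenType>'
            f'<wsp:AppliesTo><wsa:EndpointReference><wsa:Address>{audience}</wsa:Address>'
            '</wsa:EndpointReference></wsp:AppliesTo></wst:RequestSecurityToken>')

def extract_assertion(rstr_xml, expected_audience):
    """Pull the Assertion out of the RSTR; refuse one whose AudienceRestriction is not our AS.
    A real client forwards the signed bytes untouched; re-serialising is fine only because
    this constructed assertion carries no signature."""
    root = ET.fromstring(rstr_xml)
    assertion = root.find(f".//{{{SAML2}}}Assertion")
    if assertion is None:
        raise ValueError("no SAML 2.0 Assertion in RSTR")
    audiences = [a.text for a in assertion.iter(f"{{{SAML2}}}Audience")]
    if expected_audience not in audiences:
        raise ValueError(f"assertion audience {audiences} is not {expected_audience}")
    return ET.tostring(assertion, encoding="unicode")

def token_request_body(assertion_xml, scope=None):
    """Token request form body: base64url-encoded assertion, no padding, no line wraps."""
    b64 = base64.urlsafe_b64encode(assertion_xml.encode()).rstrip(b"=").decode()
    params = {"grant_type": GRANT, "assertion": b64}
    if scope:
        params["scope"] = scope
    return urlencode(params)

# Constructed RSTR shaped like an STS reply (unsigned, trimmed to what the demo needs).
SAMPLE_RSTR = (
    f'<wst:RequestSecurityTokenResponse xmlns:wst="{WST}"><wst:RequestedSecurityToken>'
    f'<saml:Assertion xmlns:saml="{SAML2}" ID="_demo1" Version="2.0">'
    f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{AS_TOKEN_URL}'
    '</saml:Audience></saml:AudienceRestriction></saml:Conditions></saml:Assertion>'
    '</wst:RequestedSecurityToken></wst:RequestSecurityTokenResponse>')

def demo():
    """Client flow end to end: RST -> (STS reply) -> OAuth token request body."""
    return token_request_body(extract_assertion(SAMPLE_RSTR, AS_TOKEN_URL), "read")
```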