Review of Liberty Alliance 1.1 Web Browser Profiles
Prateek Mishra
Netegrity
Web Browser Profiles in SAML 1.0
[Diagram: SAML 1.0 Form POST/Artifact Profile between the Source Site (LA IdP) and the Destination Site (LA SP)]
Proposed for inclusion in SAML 1.1 (Form POST/Artifact Profile)
Flow and solution proposal are described in:
sstc-bindings-extensions-03
LA 1.1 Solution Proposal Analysis
• Assumptions: Use-Case and requirements are well understood
• How is the LA 1.1 solution proposal different from SAML 1.0 and SAML 1.1 drafts?
LA 1.1 Flows
[Flow diagram: the LA SP sends an <AuthNRequest> to the LA IdP; the LA IdP returns an <AuthNResponse> or an Artifact]
• Rules for mapping XML elements into query strings are described (Section 3.1.2 of Bindings and Profiles)
• AuthNRequest SHOULD be signed
• Assertions with AuthNResponse MUST be signed; it is recommended that the response itself not be signed
• Question: What about counter-measures based on signing TARGET in SAML 1.0?
• Artifact profile Request-Response: <samlp:Request> MUST be signed; <samlp:Response> MAY be signed, but contained assertions MUST be signed.
• ISSUE: Update and reconcile signing with SAML 1.1 guidelines
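The signing rule repeated in the bullets above (assertions carried in an AuthNResponse or a <samlp:Response> MUST be signed, the response itself only MAY be) is a policy an SP can enforce before any cryptographic work. The example below is added here and is not code from the presentation or from Liberty Alliance; it assumes the SAML 1.0 assertion and protocol namespaces, a constructed sample response, and checks structure only: each top-level assertion must carry an enveloped ds:Signature whose Reference URI points at that assertion's own AssertionID. Verifying the signature value itself needs an XML-DSig library and is out of scope.

```python
"""Structural check of the signing rule: every <saml:Assertion> in a
response must carry its own enveloped <ds:Signature> referencing the
assertion's AssertionID. Signing the outer <samlp:Response> is optional.
Added example; the sample XML below is constructed, not a real message."""
import xml.etree.ElementTree as ET

# SAML 1.0 namespaces (assumed here; LA 1.1 messages may use their own).
NS = {
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:1.0:protocol",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def unsigned_assertions(response_xml: str) -> list:
    """Return AssertionIDs of top-level assertions that violate the rule.

    An assertion violates it when it has no direct <ds:Signature> child
    (no enveloped signature) or when none of the signature's
    <ds:Reference> URIs is '#<its own AssertionID>'. An empty list means
    every assertion is (structurally) signed as required.
    """
    root = ET.fromstring(response_xml)
    violations = []
    for assertion in root.findall("saml:Assertion", NS):
        aid = assertion.get("AssertionID", "")
        # Only a direct child counts: a signature elsewhere in the
        # document does not make this assertion "signed".
        sig = assertion.find("ds:Signature", NS)
        if sig is None:
            violations.append(aid)
            continue
        refs = [r.get("URI") for r in sig.findall("ds:SignedInfo/ds:Reference", NS)]
        if "#" + aid not in refs:
            violations.append(aid)
    return violations


def response_is_signed(response_xml: str) -> bool:
    """True if the outer response carries an enveloped signature (optional)."""
    root = ET.fromstring(response_xml)
    return root.find("ds:Signature", NS) is not None


# Constructed sample: one correctly signed assertion, one unsigned, and one
# whose signature references the response ID instead of the assertion.
SAMPLE_RESPONSE = """<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ResponseID="resp-1" MajorVersion="1" MinorVersion="1">
  <saml:Assertion AssertionID="a-signed" Issuer="https://idp.example/">
    <ds:Signature>
      <ds:SignedInfo><ds:Reference URI="#a-signed"/></ds:SignedInfo>
      <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
    </ds:Signature>
    <saml:AuthenticationStatement>
      <saml:Subject><saml:NameIdentifier>alice</saml:NameIdentifier></saml:Subject>
    </saml:AuthenticationStatement>
  </saml:Assertion>
  <saml:Assertion AssertionID="a-unsigned" Issuer="https://idp.example/">
    <saml:AuthenticationStatement>
      <saml:Subject><saml:NameIdentifier>bob</saml:NameIdentifier></saml:Subject>
    </saml:AuthenticationStatement>
  </saml:Assertion>
  <saml:Assertion AssertionID="a-misref" Issuer="https://idp.example/">
    <ds:Signature>
      <ds:SignedInfo><ds:Reference URI="#resp-1"/></ds:SignedInfo>
      <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
    </ds:Signature>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print("response signed:", response_is_signed(SAMPLE_RESPONSE))
    print("assertions violating the rule:", unsigned_assertions(SAMPLE_RESPONSE))
```

An SP would run this check first and reject the whole response if the list is non-empty, then hand the remaining assertions to a real XML-DSig verifier; checking that the Reference URI names the enclosing assertion keeps a signature that covers some other element from being mistaken for a signature over the assertion.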