SAML 2.0 and WS-Security
I am intending to use the SAML v2 specification by OASIS to generate SAML Assertions and include the same within the SOAP Header of all messages along with a WS Digital Signature. The intention is to address the 3 of the 4 A's of security to our services landscape.
My concern is that -as for now- OSASIS WS-Security v1.1 provides a SAML Token Profile (http://www.oasis-open.org/specs/#wssprofilesv1.0) but it seems this profile is for SAML v1.1! Therefore, my solution might have a gap!
Is possible / supported to use WS-Security v1.1 along with SAML v2.0??