The SAML XML.org web site is not longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.
SAML 2.0 and WS-Security
I am intending to use the SAML v2 specification by OASIS to generate SAML Assertions and include the same within the SOAP Header of all messages along with a WS Digital Signature. The intention is to address the 3 of the 4 A's of security to our services landscape.
My concern is that -as for now- OSASIS WS-Security v1.1 provides a SAML Token Profile (http://www.oasis-open.org/specs/#wssprofilesv1.0) but it seems this profile is for SAML v1.1! Therefore, my solution might have a gap!
Is possible / supported to use WS-Security v1.1 along with SAML v2.0??
Many thanks!
SAML 2.0 and WS-Security
You're looking at an old specification, the STP that came out with WSS 1.1 includes both token types.