The SAML XML.org web site is no longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.

Welcome to SAML XML.org.

This is the official community gathering place and information resource for the SAML OASIS Standard. SAML provides an XML-based framework for creating and exchanging security information between online partners. This is a community-driven site, and the public is encouraged to contribute content.

"Security Challenges for the Information Society"

Location: London, UK
Date: 30 Sep 2008 - 08:00 - 3 Oct 2008 - 06:00
Event Type: Conference

(1) direct communication and (2) forwarding the assertion

Hi,

I'm new to SAML and I have two - hopefully not too silly - questions:

(Question 1)

I understood from the profiles in the standard that when requesting an assertion the relying party (server) never contacts the SAML authority (identity provider) directly but only via the user (client), e.g. by redirect.

My question: Is it also possible that the server contacts the SAML authority directly to request an assertion?

- If not, why not?

- If yes, where can I find this variation in the standard?


SAML 1.0 mailing list archives

Mail archives are available for the following SSTC mailing lists that are no longer in use.

  • security-use
  • security-core
  • security-protocol
  • security-bindings
  • security-consider
  • security-conform

 


SAML 2.0 and WS-Security

I am intending to use the SAML v2 specification by OASIS to generate SAML Assertions and include the same within the SOAP Header of all messages along with a WS Digital Signature. The intention is to address 3 of the 4 A's of security in our services landscape.

My concern is that - as of now - OASIS WS-Security v1.1 provides a SAML Token Profile (http://www.oasis-open.org/specs/#wssprofilesv1.0) but it seems this profile is for SAML v1.1! Therefore, my solution might have a gap!

Is it possible / supported to use WS-Security v1.1 along with SAML v2.0?


Pushing String blog: http://www.xmlgrrl.com/blog

Upcoming SSTC work items

The SSTC's "call for profiling intentions" netted some good information. We've collected it on our working wiki and will keep that CfPI2008 page updated - in fact, we've already seen several of the promised draft documents, so things are hopping in the TC.

If you know of other third-party work that will benefit from SSTC review, or are an SSTC member and plan to submit a profile or extension for consideration, please let me know.
