[cas-dev] SAML V1.1 Profiles for X.509 Subjects

Tom Scavo trscavo at gmail.com
Wed Aug 30 18:44:05 CDT 2006


Hi,

The following document has been submitted to OASIS for consideration:

SAML V1.1 Profiles for X.509 Subjects
http://www.oasis-open.org/committees/document.php?document_id=19996&wg_abbrev=security

This document includes the following profiles:

X.509 SAML Subject Profile
SAML Assertion Profile for X.509 Subjects
SAML Attribute Query Profile for X.509 Subjects
SAML Attribute Self-Query Profile for X.509 Subjects

The profile I'd like to consider here is the SAML Assertion Profile
for X.509 Subjects, which specifies in very general terms how to
produce a SAML V1.1 assertion regarding a principal who has been
issued an X.509 certificate.  Such an assertion might contain any type
of statement, including a SAML AuthorizationDecisionStatement.  Hence,
the profile is relevant to CAS.

As written, does the SAML Assertion Profile for X.509 Subjects apply
to CAS AuthorizationDecisionStatements?  Asked another way, can CAS
AuthorizationDecisionStatements be made to conform to this profile?
If not, can we work towards such a specification?  The goal is to have
a single profile that applies to multiple situations (CAS, GridShib,
caBIG, etc.).

Once we nail down these requirements, the next step would be to
specify the binding of such an assertion to an X.509 certificate.
Since CAS is already doing this, I thought we might collaborate in the
writing of this binding profile (to be submitted elsewhere, not
OASIS).

Thanks,
Tom



