On 1/31/07, Valerio Venturi <valerio.venturi@cnaf.infn.it> wrote:
On Mon, 2007-01-29 at 20:10 +0000, David Chadwick wrote:
* Other business Tom Scavo: Do we need mechanism to bind SAML to X.509 (equivalent to VOMS)? David: 2005 X.509 has specification for binding XML to X.509, but doesn't specify XML content Tom Scavo to investigate how these relate. Shouldn't this be done by SubjectConfirmation? Or are you talking about assertions travelling within X.509 proxies?
Yes, the latter. See the following wiki page for some crude thoughts along these lines:
https://spaces.internet2.edu/display/GS/X509BindingSAML Thanks, we'll have a look at it. However, in our plans, the natural
On Wed, 2007-01-31 at 09:38 -0500, Tom Scavo wrote: format for attributes in X.509 proxies extensions will still be ACs so I don't know if it will be a needs for us.
David: VOMS is providing a standard SAML protocol interface for picking up VOMS attributes. A beta is supposed to be ready by April 2007 That's correct David. The protocol is that in SAML V2.0 Profiles for X.509 Subject as agreed. We are about to work on the implementation of the protocol and we will eventually inform Tom and the authors about any issue we may have. Hope it won't be too late by that time but we couldn't make it before.
Not too late from my point of view. Valerio, would you mind providing a pointer to the spec you're looking at? There have been many versions and I want to make sure you're looking at the right one. http://www.oasis-open.org/committees/document.php?document_id=20000&wg_abbrev=security
Valerio