SAML AuthZ Service / Web Services Security X.509 Certificate Token Profile
Hi all,
the SAML AuthZ Service document in section 6.1 requires us to use the Web Services Security X.509 Certificate Token Profile to encode certificate paths. I have been keeping my eyes open for an implementation of this standard for the last few months with no success.
Do any of you know of an implementation or are working on one? (e.g. for the delegation service?) Do you have other implementations/standards to encode certificate paths via XML?
Btw, the reference to this standard in the document needs updating, the standard was finalized in the Spring of 2004, it is no longer a draft.
- There is an old "Editor's note" in section 6.1.2 SubjectConfirmation Element from Von that can also be taken out. Maybe this can be fixed before it's submitted to the editor (otherwise I'll repost in public comment)
Thanks
Markus
----------------------------------------------------------------
Markus Lorch
Department of Computer Science    Phone: +1 540 231 5914
Virginia Tech, m/c 106            Fax: +1 540 231 6075
Blacksburg, VA 24061, U.S.A.      http://people.cs.vt.edu/~mlorch
Markus Lorch writes (09:51 January 20, 2005):
Hi all,
the SAML AuthZ Service document in section 6.1 requires us to use the Web Services Security X.509 Certificate Token Profile to encode certificate paths. I have been keeping my eyes open for an implementation of this standard for the last few months with no success.
This isn't technically correct as the encoding of the certificate chain is a SHOULD not a MUST. I just checked with Rachana and GT does not include the SubjectConfirmation element, so no help there.
Do any of you know of an implementation or are working on one? (e.g. for the delegation service?) Do you have other implementations/standards to encode certificate paths via XML?
Btw, the reference to this standard in the document needs updating, the standard was finalized in the Spring of 2004, it is no longer a draft. - There is an old "Editor's note" in section 6.1.2 SubjectConfirmation Element from Von that can also be taken out. Maybe this can be fixed before it's submitted to the editor (otherwise I'll repost in public comment)
Thanks. I don't think it has been submitted yet, I've made these corrections in my latest version in any case.
Von
Thanks
Markus
----------------------------------------------------------------
Markus Lorch
Department of Computer Science    Phone: +1 540 231 5914
Virginia Tech, m/c 106            Fax: +1 540 231 6075
Blacksburg, VA 24061, U.S.A.      http://people.cs.vt.edu/~mlorch
the SAML AuthZ Service document in section 6.1 requires us to use the Web Services Security X.509 Certificate Token Profile to encode certificate paths. I have been keeping my eyes open for an implementation of this standard for the last few months with no success.
This isn't technically correct as the encoding of the certificate chain is a SHOULD not a MUST.
Agreed, this was careless wording on my part.
I just checked with Rachana and GT does not include the SubjectConfirmation element, so no help there.
Yes, I am aware of that. The format in the WS standard is rather elaborate. I was hoping some other work in the community has solved this. There's gotta be somebody who's moving X.509 certificates in an XML format, any XML format :)
Markus
participants (2): Markus Lorch, Von Welch