You are viewing a plain text version of this content. The canonical link for it is here.

Posted to rampart-c-dev@ws.apache.org by Supun Kamburugamuva <su...@gmail.com> on 2008/05/12 13:40:04 UTC

SAML 2.0 Implementation

Hi List,

At the moment Rampart/C has an implementation of SAML 1.1 specification.
This implementation facilitates creation and processing of SAML 1.1
Assertions. SAML token profile 1.0 is also implemented into the Rampart/C.
This token profile facilitate the sending and processing of SAML Assertions
inside the security header. I think it is time to implement SAML 2.0.

AFAIK SAML 2.0 doesn't has a token profile for Web Services. So the initial
implementation will focus on creation and processing of SAML tokens and
nothing will be asserted about how the SAML tokens are sent in the Security
header. One option is to send them as custom tokens.

SAML 2.0 implementation will focus on the SAML Assertions. This
implementation will be a tree like structure (Object model) which can be
used for easy processing of SAML Assertions. For example something like
struct saml2_assertion_t will be at the top and all other structures
representing the SAML constructs like statements, conditions will be fields
in this saml2_assertion_t. Structures like saml2_statement_t will host other
structures forming a tree like structure.

Any comments are highly appreciated.

Regards,
Supun..

Re: SAML 2.0 Implementation

Posted by Supun Kamburugamuva <su...@gmail.com>.

SAML Assertion implementation is a starting point for implementing the SAML
2.0. Also with the resources we have, if we first concentrate on
implementing the Assertion part we will be able to come up with a good
quality implementation.

I have created a Jira[1] for the implementation.

[1] https://issues.apache.org/jira/browse/RAMPARTC-100

Supun..

On Tue, May 13, 2008 at 7:52 AM, Milinda Pathirage <
milinda.pathirage@gmail.com> wrote:

> Hi all,
> AFAIK SAML 2.0 has some conflicts (actually they are not conflicts but
> alternatives) with some of the WS-* specs like WS-Federation :). There are
> so many arguments going on about this. So it's better to implement basic
> things first and go for others if required.
>
> Thanks
> Milinda
>
> On Tue, May 13, 2008 at 3:36 AM, Kaushalye Kapuruge <ka...@wso2.com>
> wrote:
>
> > Prasadcse Perera wrote:
> >
> > > Thats great!. Since most of the SAML users now upgrading to the SAML
> > > 2.0,
> > > having SAML 2.0 support with Rampart/C will be a great deal. Add to
> that
> > > why
> > > not implement the SAML 2.0 platform in a whole rather than SAML
> > > Assertion
> > > (token) support.
> > >
> > Agreed. But I'd rather implement the very basics first as Supun
> suggested.
> > Once it's done we can assemble all the bits and pieces and form a higher
> > layer. With the custom tokens it can be easily inserted into the
> Security
> > header.
> > Cheers,
> > Kau
> >
> >  As I got to know,  SAML 2.0 has some powerful features
> > > compared to the previous versions.
> > > On 5/12/08, Supun Kamburugamuva <su...@gmail.com> wrote:
> > >
> > >
> > > > Hi List,
> > > >
> > > > At the moment Rampart/C has an implementation of SAML 1.1
> > > > specification.
> > > > This implementation facilitates creation and processing of SAML 1.1
> > > > Assertions. SAML token profile 1.0 is also implemented into the
> > > > Rampart/C.
> > > > This token profile facilitate the sending and processing of SAML
> > > > Assertions
> > > > inside the security header. I think it is time to implement SAML
> 2.0.
> > > >
> > > > AFAIK SAML 2.0 doesn't has a token profile for Web Services. So the
> > > > initial
> > > > implementation will focus on creation and processing of SAML tokens
> > > > and
> > > > nothing will be asserted about how the SAML tokens are sent in the
> > > > Security
> > > > header. One option is to send them as custom tokens.
> > > >
> > > > SAML 2.0 implementation will focus on the SAML Assertions. This
> > > > implementation will be a tree like structure (Object model) which
> can
> > > > be
> > > > used for easy processing of SAML Assertions. For example something
> > > > like
> > > > struct saml2_assertion_t will be at the top and all other structures
> > > > representing the SAML constructs like statements, conditions will be
> > > > fields
> > > > in this saml2_assertion_t. Structures like saml2_statement_t will
> host
> > > > other
> > > > structures forming a tree like structure.
> > > >
> > > > Any comments are highly appreciated.
> > > >
> > > > Regards,
> > > >
> > > > Supun..
> > > >
> > > >
> > > >
> > >
> > >
> > >
> >
> >
> > --
> > http://blog.kaushalye.org/
> > http://wso2.org/
> >
> >
>
>
> --
> http://inf-dimensions.blogspot.com "Infinite Dimensions"
> http://wsaxc.blogspot.com "Web Services With Axis2/C"
>

Re: SAML 2.0 Implementation

Posted by Milinda Pathirage <mi...@gmail.com>.

Hi all,
AFAIK SAML 2.0 has some conflicts (actually they are not conflicts but
alternatives) with some of the WS-* specs like WS-Federation :). There are
so many arguments going on about this. So it's better to implement basic
things first and go for others if required.

Thanks
Milinda

On Tue, May 13, 2008 at 3:36 AM, Kaushalye Kapuruge <ka...@wso2.com>
wrote:

> Prasadcse Perera wrote:
>
> > Thats great!. Since most of the SAML users now upgrading to the SAML
> > 2.0,
> > having SAML 2.0 support with Rampart/C will be a great deal. Add to that
> > why
> > not implement the SAML 2.0 platform in a whole rather than SAML
> > Assertion
> > (token) support.
> >
> Agreed. But I'd rather implement the very basics first as Supun suggested.
> Once it's done we can assemble all the bits and pieces and form a higher
> layer. With the custom tokens it can be easily inserted into the Security
> header.
> Cheers,
> Kau
>
>  As I got to know,  SAML 2.0 has some powerful features
> > compared to the previous versions.
> > On 5/12/08, Supun Kamburugamuva <su...@gmail.com> wrote:
> >
> >
> > > Hi List,
> > >
> > > At the moment Rampart/C has an implementation of SAML 1.1
> > > specification.
> > > This implementation facilitates creation and processing of SAML 1.1
> > > Assertions. SAML token profile 1.0 is also implemented into the
> > > Rampart/C.
> > > This token profile facilitate the sending and processing of SAML
> > > Assertions
> > > inside the security header. I think it is time to implement SAML 2.0.
> > >
> > > AFAIK SAML 2.0 doesn't has a token profile for Web Services. So the
> > > initial
> > > implementation will focus on creation and processing of SAML tokens
> > > and
> > > nothing will be asserted about how the SAML tokens are sent in the
> > > Security
> > > header. One option is to send them as custom tokens.
> > >
> > > SAML 2.0 implementation will focus on the SAML Assertions. This
> > > implementation will be a tree like structure (Object model) which can
> > > be
> > > used for easy processing of SAML Assertions. For example something
> > > like
> > > struct saml2_assertion_t will be at the top and all other structures
> > > representing the SAML constructs like statements, conditions will be
> > > fields
> > > in this saml2_assertion_t. Structures like saml2_statement_t will host
> > > other
> > > structures forming a tree like structure.
> > >
> > > Any comments are highly appreciated.
> > >
> > > Regards,
> > >
> > > Supun..
> > >
> > >
> > >
> >
> >
> >
>
>
> --
> http://blog.kaushalye.org/
> http://wso2.org/
>
>


-- 
http://inf-dimensions.blogspot.com "Infinite Dimensions"
http://wsaxc.blogspot.com "Web Services With Axis2/C"

Re: SAML 2.0 Implementation

Posted by Kaushalye Kapuruge <ka...@wso2.com>.

Prasadcse Perera wrote:
> Thats great!. Since most of the SAML users now upgrading to the SAML 2.0,
> having SAML 2.0 support with Rampart/C will be a great deal. Add to that why
> not implement the SAML 2.0 platform in a whole rather than SAML Assertion
> (token) support.
Agreed. But I'd rather implement the very basics first as Supun 
suggested. Once it's done we can assemble all the bits and pieces and 
form a higher layer. With the custom tokens it can be easily inserted 
into the Security header.
Cheers,
Kau
> As I got to know,  SAML 2.0 has some powerful features
> compared to the previous versions.
> On 5/12/08, Supun Kamburugamuva <su...@gmail.com> wrote:
>   
>> Hi List,
>>
>> At the moment Rampart/C has an implementation of SAML 1.1 specification.
>> This implementation facilitates creation and processing of SAML 1.1
>> Assertions. SAML token profile 1.0 is also implemented into the Rampart/C.
>> This token profile facilitate the sending and processing of SAML
>> Assertions
>> inside the security header. I think it is time to implement SAML 2.0.
>>
>> AFAIK SAML 2.0 doesn't has a token profile for Web Services. So the
>> initial
>> implementation will focus on creation and processing of SAML tokens and
>> nothing will be asserted about how the SAML tokens are sent in the
>> Security
>> header. One option is to send them as custom tokens.
>>
>> SAML 2.0 implementation will focus on the SAML Assertions. This
>> implementation will be a tree like structure (Object model) which can be
>> used for easy processing of SAML Assertions. For example something like
>> struct saml2_assertion_t will be at the top and all other structures
>> representing the SAML constructs like statements, conditions will be
>> fields
>> in this saml2_assertion_t. Structures like saml2_statement_t will host
>> other
>> structures forming a tree like structure.
>>
>> Any comments are highly appreciated.
>>
>> Regards,
>>
>> Supun..
>>
>>     
>
>   


-- 
http://blog.kaushalye.org/
http://wso2.org/

Re: SAML 2.0 Implementation

Posted by Prasadcse Perera <pr...@gmail.com>.

Thats great!. Since most of the SAML users now upgrading to the SAML 2.0,
having SAML 2.0 support with Rampart/C will be a great deal. Add to that why
not implement the SAML 2.0 platform in a whole rather than SAML Assertion
(token) support.As I got to know,  SAML 2.0 has some powerful features
compared to the previous versions.
On 5/12/08, Supun Kamburugamuva <su...@gmail.com> wrote:
>
> Hi List,
>
> At the moment Rampart/C has an implementation of SAML 1.1 specification.
> This implementation facilitates creation and processing of SAML 1.1
> Assertions. SAML token profile 1.0 is also implemented into the Rampart/C.
> This token profile facilitate the sending and processing of SAML
> Assertions
> inside the security header. I think it is time to implement SAML 2.0.
>
> AFAIK SAML 2.0 doesn't has a token profile for Web Services. So the
> initial
> implementation will focus on creation and processing of SAML tokens and
> nothing will be asserted about how the SAML tokens are sent in the
> Security
> header. One option is to send them as custom tokens.
>
> SAML 2.0 implementation will focus on the SAML Assertions. This
> implementation will be a tree like structure (Object model) which can be
> used for easy processing of SAML Assertions. For example something like
> struct saml2_assertion_t will be at the top and all other structures
> representing the SAML constructs like statements, conditions will be
> fields
> in this saml2_assertion_t. Structures like saml2_statement_t will host
> other
> structures forming a tree like structure.
>
> Any comments are highly appreciated.
>
> Regards,
>
> Supun..
>