[OpenID] Infocards [SAML Token] Vs OpenID Infocards [OpenID Token]
=JeffH
Jeff.Hodges at neustar.biz
Wed Dec 19 22:33:37 UTC 2007
Johnny Bufu wrote:
> On 19-Dec-07, at 8:30 AM, Peter Williams wrote:
>
>> The only claim I've ever heard is that library implementors have
>> less work to do parsing an openid msg, in contrast to parsing a xml
>> message (using xerces etc). Thus there is lower start up cost to
>> folks who have no access to a existing saml library (eg that which
>> comes with windows).
>
> Yes, that's one of the main advantages
well, the SAML 2.0/PHP SP implementation (nee "Lightbulb", by Pat Patterson)
parses the XML "by hand" (in both PHP and Ruby) and demonstrates that it isn't
that big of a deal.
http://developers.sun.com/identity/reference/techart/lightbulb.html
https://opensso.dev.java.net/public/extensions/
> (to which I would add no
> infocard crypto requirements - the OpenID Infocard token is posted in
> clear text to the RP).
huh? what crypto requirements? A SAML assertion can certainly be conveyed in
clear text and/or unsigned if that's what the profile & binding the
communicating parties are employing allows for or stipulates.
Since there's as yet no "official, blessed, final, generally recognized, widely
implemented" spec for "infocards + SAML", there's tons of wiggle room on points
such as these.
> ..cannot be accomplished with the current Infocard + SAML specification..
which specific "Infocard + SAML specification" are you referring to? url?
=JeffH
More information about the general
mailing list