6506 2008-10-27 12:10 SAML Holder-of-Key Assertion Request 2008-12-13 10:32:40 1 1 1 Unclassified GridShib Roadmap unspecified All All NEW http://dev.globus.org/wiki/SAMLHoKAssertionRequest P3 enhancement beta 6505 1 trscavo@gmail.com trscavo@gmail.com gridshib-dev@globus.org trscavo@gmail.com 2008-10-27 12:10:07 According to the SAML Holder-of-Key Assertion Request Profile, the SAML requester is the subject, that is, the subject self-issues a SAML request. The subject presents this request and an X.509 certificate to a SAML identity provider. The subject proves possession of the private key corresponding to the public key of the presented certificate and authenticates to the identity provider by unspecified means. The identity provider consumes the request and issues a response. The identity provider binds data from the X.509 certificate to one or more assertions in the response. The requester validates and consumes the response and outputs the holder-of-key assertion(s). The SAML Holder-of-Key Assertion Request Profile depends on the SAML Holder-of-Key Assertion Profile: http://wiki.oasis-open.org/security/SAMLHoKSubjectConfirmation Also, the SAML Holder-of-Key Assertion Request Profile is related to the SAML Holder-of-Key Web Browser SSO Profile: http://wiki.oasis-open.org/security/SamlHoKWebSSOProfile An initial implementation of the latter was contributed by Joana M. F. Trindade through the Google Summer of Code (2008) program. This implementation is the first phase of an implementation plan whose goal is to convert a campus credential (usually a username/password) into a SAML credential. trscavo@gmail.com 2008-12-13 10:32:40 The SAML V2.0 Holder-of-Key Assertion Request Profiles have been submitted to OASIS: http://wiki.oasis-open.org/security/SAMLHoKAssertionRequest