[jdev] SAML
Jonathan Dickinson
jonathan.dickinson at k2.com
Mon Jul 6 06:02:43 CDT 2009
Has anyone thought about how SAML [Security Assertion Markup Language] would work in terms of SASL <http://en.wikipedia.org/wiki/Saml> and XMPP? This is especially interesting regarding the whole OpenID/SSO discussion a while back; SAML isn't bound to HTTP or any other client for that matter (don't get the wrong idea from the abundance of HTTP documentation - it will work in any transport).
I have been reading a bit about SAML and it looks like they do B64 the SAML XML, with no explanation. It seems a bit strange to B64 an XML fragment in a SOAP document (or an XMPP stream for that matter) - maybe it has to do with the WS-Security schema.
As far as XMPP 1.0 goes we probably would have to B64 the fragment; but here are my initial thoughts on XMPP 2.0:
Possibly:
<mechanism type="http://www.w3.org/XML/1998/namespace">SAML</mechanism>
Which gives raise to:
<mechanism type="urn:xmpp:tmp:text-plain">PATHETIC</mechanism><!-- something like [name];[password] -->
And implicitly:
<mechanism type="urn:xmpp:tmp:base64">DIGEST-MD5</mechanism>
Indeed, we could go as far as to turn it into a feature on its own. It does support SASL-like mechanism selection itself; it should be possible to jippo SASL right in there:
<stream:features>
<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
<mechanism>DIGEST-MD5</mechanism>
<mechanism>PLAIN</mechanism>
<mechanism>EXTERNAL</mechanism>
</mechanisms>
<saml xmlns='http://the/saml/namespace'/>
</stream:features>
-- Jonathan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.jabber.org/jdev/attachments/20090706/d1587d28/attachment-0002.htm>
More information about the JDev
mailing list