Hi Supun,
Thanks for the effort. See my comments inline...
Supun Kamburugamuva wrote:
Hi All,
I have skimmed through the SAML 2.0 specification. It seems that SAML 2.0
specification is similar to the SAML 1.1 specification. So we can reuse the
code in SAML 1.1 for building the SAML 2.0.
A SAML implementation usually consists of 2 parts.
1. Facilitate the user to create and process SAML tokens by providing
an API - Service and client level.
2. Process and integrate SAML tokens in the SOAP security header -
Rampart level
Since SAML 2.0 is similar to SAML 1.1 we can achieve the 1st target quickly.
It seems that SAML 2.0 assertions support advanced encryption and signature
features.
Isn't it enveloped signature that we have to use? Can't we use the same
algorithm suites for the start?
What are the advanced features that we need to add (to the OMXMLSecurity)?
i.e. it allows encryption of individual XML elements in an
Assertion. These will probably require the introduction of new features to
the OMXML library of Rampart/C like XPath support. But these features may
not be required at the beginning and we can introduce them gradually.
+1. XPath would be better but we have to live with what we have.
Considering all these things, fully achieving the 2nd part will take some
time.
Are we talking about 4 weeks to develop and test... or more?
Cheers,
Kaushalye
Regards,
Supun..
On Fri, Apr 11, 2008 at 10:19 AM, Samisa Abeysinghe <[EMAIL PROTECTED]> wrote:
Kasun Indrasiri wrote:
Hi,
Hi,
AFAIK it'll take at least a month to make the current SAML implementation
support SAML 2.0. But it will depend on the differences between SAML 1.1 and
SAML 2.0, because SAML 2.0 has some major changes with respect to SAML 1.1.
Thanks
Milinda
Yes, it will depend on the difference between SAML 1.1 and SAML 2. We may
sometimes need to implement SAML 2.0 as an independent module from SAML 1.1
due to the drastic differences between SAML 1.1 and its counterpart.
OK, that is interesting. So if it is a separate module, would a single
deployment of Rampart be able to handle both versions at once? Also, does a
separate module for SAML 2.0 mean that there would not be any reuse of
current SAML 1.1 impl? Is there any way of refactoring what we have done
already to accommodate both at once and reuse some stuff?
Thanks,
Samisa...
Thanks
Kasun.
--
Samisa Abeysinghe
http://people.apache.org/~samisa/
--
http://blog.kaushalye.org/
http://wso2.org/