Continuing in the vein of exploring how to make things easier
implementation-wise for web sso relying parties, aka "service providers" --
which is a significant aspect of what's been discussed on this list -- we've
crafted a "SAMLv2 Lightweight Web Browser SSO Profile":
This profile builds upon the "HTTP-POST-NoXMLdsig" SAML binding referenced in a
prior message.
We understand that the overall problem space being discussed on this list goes
beyond "simple web SSO", but there are several reasons we feel it worthwhile to
craft a simple, lightweight, SAML web sso profile and contribute it to the
* it is a large multi-faceted problem space and we find it valuable
to break things down into smaller pieces
* we want to explore which "knobs and buttons" in the existing SAML Web
SSO Profile we can "turn down" in order to simplify service provider
implementation and deployment effort 
* we want to explore whether we can craft things such that the solutions
for the other portions of the problem space can leverage a SAML
profile such as this
* there are a non-trivial number of SAML-based deployments
and products, so crafting a lightweight SSO mechanism that
more closely resembles an existing SAML profile has the benefit
of facilitating migration/interoperation for implementors and
e.g. by constraining the set of SAML bindings the web sso profile relies
upon, e.g. the artifact binding -- which requires "callbacks" on the part
of the SP to the IDP/identity agent -- implementation, and especially
deployment, is significantly simplified.
A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : SAMLv2 Lightweight Web Browser SSO Profile
Author(s) : J. Hodges, S. Cantor
Filename : draft-hodges-saml-lsso-00.txt
Pages : 28
Date : 2006-6-22
This document specifies a SAMLv2 lightweight Web Browser Single
Sign-On Profile. This profile is modeled on the OASIS SAMLv2 Web
Browser SSO profile, adding various constraints, and using a new
lightweight SAMLv2 HTTP POST binding which does not rely on XML
Digital Signature -- relying on a more simple-to-implement signature