Is SAML used by WS-Security?

Himai Minh
Ranch Hand

Joined: Jul 29, 2012
Posts: 721
In EPractice Lab, there is a question: "Which of the following security technologies are used by WS-Security?"
A. SAML
B. XACML
C. XML Encryption
D. XML Canonicalization
E. XML Digital Signatures.

I believe the answer should be A, C, D, E.
But the given answer is C, D, E.
Why is SAML not used by WS-Security?
According to http://en.wikipedia.org/wiki/WS-Security about WS-Security:

The protocol...allows the communication of various security token format: SAML....

... open to various security token models: SAML Assertions, X 509 Certificate, Kerberos tickets ....

Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41057
    
  43
WS-Security does not use any specific token itself ; those token types can be sent using WS-Security, though.
Himai Minh
Ranch Hand

Joined: Jul 29, 2012
Posts: 721
I found a SAML assertion token from WS-Security SAML Token Profile 1.1.
Does it mean WS-Security uses SAML?

<S12:Envelope xmlns:S12="...">
  <S12:Header>
    <wsse:Security xmlns:wsse="...">
      <saml:Assertion xmlns:saml="..."
          AssertionID="_a75adf55-01d7-40cc-929f-dbd8372ebdfc"
          IssueInstant="2003-04-17T00:46:02Z"
          Issuer="www.opensaml.org"
          MajorVersion="1"
          MinorVersion="1">
        <saml:AuthenticationStatement>
          <saml:Subject>
            <saml:NameIdentifier
                NameQualifier="www.example.com"
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
              uid=joe,ou=people,ou=saml-demo,o=baltimore.com
            </saml:NameIdentifier>
            <saml:SubjectConfirmation>
              <saml:ConfirmationMethod>
                urn:oasis:names:tc:SAML:1.0:cm:bearer
              </saml:ConfirmationMethod>
            </saml:SubjectConfirmation>
          </saml:Subject>
        </saml:AuthenticationStatement>
      </saml:Assertion>
    </wsse:Security>
  </S12:Header>
  <S12:Body>
    . . .
  </S12:Body>
</S12:Envelope>

Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41057
WSS can make use of SAML tokens, but that's optional.
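
Added example, not part of the original thread: a small Python check that lists what a wsse:Security header actually carries, showing that the header is a container and a SAML assertion is one optional token type among several. The function name and the sample messages are constructed for illustration; the namespace URIs are the ones from the published specifications (the listing above elides them as "...").

```python
import xml.etree.ElementTree as ET

# Namespace URIs from the published specs (the thread's listing elides them).
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SOAP12 = "http://www.w3.org/2003/05/soap-envelope"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
KINDS = {
    "{urn:oasis:names:tc:SAML:1.0:assertion}Assertion": "SAML 1.x assertion",
    "{urn:oasis:names:tc:SAML:2.0:assertion}Assertion": "SAML 2.0 assertion",
    "{%s}UsernameToken" % WSSE: "username token",
    "{%s}BinarySecurityToken" % WSSE: "binary token (X.509/Kerberos)",
    "{%s}Signature" % DSIG: "XML Signature",
    "{http://www.w3.org/2001/04/xmlenc#}EncryptedKey": "XML Encryption key",
}

def classify_security_header(envelope):
    """Return [(kind, notes)] for each child of wsse:Security (hypothetical helper)."""
    if "<!DOCTYPE" in envelope:  # SOAP messages must not carry a DTD; reject early
        raise ValueError("DTD not allowed in a SOAP message")
    root = ET.fromstring(envelope)
    sec = root.find("{%s}Header/{%s}Security" % (SOAP12, WSSE))
    found = []
    for child in ([] if sec is None else sec):
        kind = KINDS.get(child.tag, "unrecognised: " + child.tag)
        notes = []
        if kind.startswith("SAML"):
            # Report the confirmation method and whether a ds:Signature is present.
            # Presence only: this does not verify the signature.
            notes = [e.text.strip().rsplit(":", 1)[-1] for e in child.iter()
                     if e.tag.endswith("}ConfirmationMethod") and e.text]
            notes.append("signed" if child.find("{%s}Signature" % DSIG) is not None else "unsigned")
        found.append((kind, notes))
    return found

# Constructed sample messages (not taken from the thread or the spec).
ENVELOPE = ('<S:Envelope xmlns:S="%s"><S:Header><wsse:Security xmlns:wsse="%s">%%s'
            '</wsse:Security></S:Header><S:Body/></S:Envelope>' % (SOAP12, WSSE))
SAML_TOKEN = ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">'
              '<saml:AuthenticationStatement><saml:Subject><saml:SubjectConfirmation>'
              '<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer'
              '</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject>'
              '</saml:AuthenticationStatement></saml:Assertion>')
USER_TOKEN = '<wsse:UsernameToken><wsse:Username>joe</wsse:Username></wsse:UsernameToken>'

if __name__ == "__main__":
    for token in (SAML_TOKEN, USER_TOKEN, ""):
        print(classify_security_header(ENVELOPE % token))
```

A receiver that sees a bearer assertion reported as "unsigned" has no basis for trusting its contents, which is why the confirmation method and signature presence are reported together.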