Jeff Hodges and Scott Cantor have released an updated version of their HTTP POST "SimpleSign" Binding.
The 'SimpleSign' in the name refers to the binding's use of a (if signatures are used at all) 'sign the blob' model for message integrity and authentication rather than using XML Signature (as is the case in the existing SAML HTTP POST Binding).
XML Signature is part of the 'weightiness' that some associate with SAML. The 'un-wanted pounds' that SAML supposedly carries are seen as an artifact of the formative years it spent in an enterprise cafeteria eating subsidized lasagna and drinking watered-down Coke.
Even with its love-handles, SAML has had no trouble getting dates. But I think of this binding as SAML flexing a bit, showing off a new leaner bod, and getting ready for new relationship opportunities (such as
SAMLv2 Lightweight Web Browser SSO Profile). And of course, the tall-n-husky SAML is still around as well, should you be looking for a more secure relationship.
No comments:
Post a Comment