draft-hodges-saml-mediatype-01
Jeff Hodges
Jeff.Hodges at Sun.COM
Thu Jun 24 16:19:34 CEST 2004
Any feedback on the below draft?
thanks,
JeffH
-----
http://www.ietf.org/internet-drafts/draft-hodges-saml-mediatype-01.txt
-----------------------------------------------------------------------------
Network Working Group J. Hodges
Internet-Draft Sun Microsystems, Inc.
Expires: December 16, 2004 June 17, 2004
application/saml+xml Media Type Registration
draft-hodges-saml-mediatype-01
Status of this Memo
By submitting this Internet-Draft, I certify that any applicable
patent or other IPR claims of which I am aware have been disclosed,
and any of which I become aware will be disclosed, in accordance with
RFC 3667.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at http://
www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on December 16, 2004.
Copyright Notice
Copyright (C) The Internet Society (2004). All Rights Reserved.
Abstract
This document describes a MIME media type -- application/saml+xml --
for use with the XML serialization of SAML (Security Assertion Markup
Language) assertions, or other SAML-defined objects.
Hodges Expires December 16, 2004 [Page 1]
Internet-Draft application/saml+xml June 2004
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1 Discussion of this Document . . . . . . . . . . . . . . . 3
1.2 Document Conventions . . . . . . . . . . . . . . . . . . . 3
2. Usage of the application/saml+xml MIME Media Type . . . . . . 4
3. application/saml+xml MIME Media Type Registration . . . . . . 4
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
5. Security Considerations . . . . . . . . . . . . . . . . . . . 6
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 6
Normative References . . . . . . . . . . . . . . . . . . . . . 6
Informative References . . . . . . . . . . . . . . . . . . . . 8
Author's Address . . . . . . . . . . . . . . . . . . . . . . . 8
A. Revision History . . . . . . . . . . . . . . . . . . . . . . . 8
Intellectual Property and Copyright Statements . . . . . . . . 9
Hodges Expires December 16, 2004 [Page 2]
Internet-Draft application/saml+xml June 2004
1. Introduction
This document defines a MIME media type -- application/saml+xml --
for use with the XML serialization of SAML (Security Assertion Markup
Language) assertions, or other SAML-defined objects.
The SAML specification sets, SAML V1.0 [5] and SAML V1.1 [9], are
work products of the OASIS [13] Security Services Technical Committee
(SSTC) [14]. The SAML specifications define XML-based constructs with
which one may make, and convey, security assertions. For example, one
can assert that an authentication event pertaining to some subject
has occured and convey said assertion to a relying party.
1.1 Discussion of this Document
Please send comments on this document to the "security services
comment" email distribution list:
<mailto:security-services-comment at lists.oasis-open.org>
The "security services comment" mailing list is publically archived
here [15].
To post to the "security services comment" mailing list, one must
subscribe to it. To subscribe, send a message with the single word
"subscribe" in the message body, to:
<mailto:security-services-comment-request at lists.oasis-open.org>
Additionally, the SAML developer community email distribution list:
<mailto:saml-dev at lists.oasis-open.org>
may be employed to discuss usage of the application/saml+xml MIME
media type.
The "saml-dev" mailing list is publically archived here [16].
To post to the "saml-dev" mailing list, one must subscribe to it. To
subscribe, send a message with the single word "subscribe" in the
message body, to:
<mailto:saml-dev-request at lists.oasis-open.org>
1.2 Document Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
Hodges Expires December 16, 2004 [Page 3]
Internet-Draft application/saml+xml June 2004
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [2].
2. Usage of the application/saml+xml MIME Media Type
Application protocols capable of conveying MIME entities, such as
HTTP [3], SHOULD use the media type defined in this document when
conveying SAML-defined objects.
3. application/saml+xml MIME Media Type Registration
This is a media type registration as defined in Multipurpose Internet
Mail Extensions (MIME) Part Four: Registration Procedures [1] and XML
Media Types [4].
MIME media type name:
application
MIME subtype name:
saml+xml
Required parameters:
none
Optional parameters: charset
Same as charset parameter of application/xml.
Encoding considerations:
Same as charset parameter of application/xml.
Security considerations:
Security considerations include many of those described in
section 10 of RFC 3023 [4] as well as those specifically
described in:
SAML V1.0 Assertions and Protocol [6]
SAML V1.0 Bindings and Profiles [7]
SAML V1.0 Security and Privacy Considerations [8]
..and/or..
Hodges Expires December 16, 2004 [Page 4]
Internet-Draft application/saml+xml June 2004
SAML V1.1 Assertions and Protocol [10]
SAML V1.1 Bindings and Profiles [11]
SAML V1.1 Security and Privacy Considerations [12] .
..depending on the version of the SAML object (see the next
item).
Interoperability considerations:
SAML assertions are explicitly versioned. Relying parties
SHOULD ensure that they observe assertion version information
and behave accordingly. See "Chapter 4 SAML Versioning" in
SAML V1.0 Assertions and Protocol [6], and/or SAML V1.1
Assertions and Protocol [10], as appropriate.
Published specification:
See the SAML V1.0 [5] and SAML V1.1 [9] specification sets.
Applications which use this media type:
SAML is device-, platform-, and vendor-neutral and is supported
by a range of server- and client-side applications and tools.
Additional information:
Magic number(s): none, but..
Although no byte sequences can be counted on to consistently
identify SAML objects, i.e. assertions and/or protocol
messages, they will contain either one, or both of, the
strings:
urn:oasis:names:tc:SAML:1.0:assertion
urn:oasis:names:tc:SAML:1.0:protocol
to identify the SAML XML namespace(s).
File extension(s):
none
Macintosh File Type Code(s):
none
Hodges Expires December 16, 2004 [Page 5]
Internet-Draft application/saml+xml June 2004
Person & email address to contact for further information:
Use the email distribution lists identified in Section 1.1
above.
Additionally, or otherwise, refer to the Security Services
Technical Committee website [14].
Intended usage:
COMMON
Author/Change controller:
The SAML specification sets are a work product of the OASIS
Security Services Technical Committee (SSTC). OASIS and the
SSTC have change control over the SAML specification sets.
4. IANA Considerations
This document calls for registration of a new MIME content-type,
according to the registration information given above in Section 3.
5. Security Considerations
See the "Security Considerations" item in Section 3 above.
6. Acknowledgements
This doc is based on Aaron Schwartz' internet-draft for the
application/rdf+xml MIME media type [18]. Thanks to Graham Klyne for
pointing me to the latter, to Scott Cantor and John Kemp for
volunteering me to write this, and to Marshall Rose for his xml2rfc
document converter gizmo [17]. Artists whose music contributed to the
writing of this spec ranged from John Coltrane [19] to Trapt [20].
Normative References
[1] Freed, N., Klensin, J. and J. Postel, "Multipurpose Internet
Mail Extensions (MIME) Part Four: Registration Procedures", BCP
13, RFC 2048, November 1996.
[2] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
[3] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L.,
Leach, P. and T. Berners-Lee, "Hypertext Transfer Protocol --
Hodges Expires December 16, 2004 [Page 6]
Internet-Draft application/saml+xml June 2004
HTTP/1.1", RFC 2616, June 1999.
[4] Murata, M., St. Laurent, S. and D. Kohn, "XML Media Types", RFC
3023, January 2001.
[5] OASIS, "Security Assertion Markup Language (SAML) Version 1.0
Specification Set", OASIS Standard 200205, September 2003,
<http://www.oasis-open.org/committees/download.php/2290/
oasis-sstc-saml-1.0.zip>.
[6] Hallam-Baker, P., Ed. and E. Maler, Ed., "Assertions and
Protocol for the OASIS Security Assertion Markup Language
(SAML) V1.0", OASIS Standard 200205, November 2002, <http://
www.oasis-open.org/apps/org/workgroup/security/download.php/
1371/oasis-sstc-saml-core-1.0.pdf>.
[7] Mishra, P., Ed., "Bindings and Profiles for the OASIS Security
Assertion Markup Language (SAML) V1.0", OASIS Standard 200205,
November 2002, <http://www.oasis-open.org/apps/org/workgroup/
security/download.php/1372/oasis-sstc-saml-bindings-1.0.pdf>.
[8] McLaren, C., Ed., "Security and Privacy Considerations for the
OASIS Security Assertion Markup Language (SAML) V1.0", OASIS
Standard 200205, November 2002, <http://www.oasis-open.org/
apps/org/workgroup/security/download.php/1375/
oasis-sstc-saml-sec-consider-1.0.pdf>.
[9] OASIS, "Security Assertion Markup Language (SAML) Version 1.1
Specification Set", OASIS Standard 200308, September 2003,
<http://www.oasis-open.org/committees/download.php/3400/
oasis-sstc-saml-1.1-pdf-xsd.zip>.
[10] Maler, E., Ed., Mishra, P., Ed. and R. Philpott, Ed.,
"Assertions and Protocol for the OASIS Security Assertion
Markup Language (SAML) V1.1", OASIS Standard 200308, September
2003, <http://www.oasis-open.org/apps/org/workgroup/security/
download.php/3406/oasis-sstc-saml-core-1.1.pdf>.
[11] Maler, E., Ed., Mishra, P., Ed. and R. Philpott, Ed., "Bindings
and Profiles for the OASIS Security Assertion Markup Language
(SAML) V1.1", OASIS Standard 200308, September 2003, <http://
www.oasis-open.org/apps/org/workgroup/security/download.php/
3405/oasis-sstc-saml-bindings-1.1.pdf>.
[12] Maler, E., Ed. and R. Philpott, Ed., "Security and Privacy
Considerations for the OASIS Security Assertion Markup
Language (SAML) V1.1", OASIS Standard 200308, September 2003,
<http://www.oasis-open.org/apps/org/workgroup/security/
Hodges Expires December 16, 2004 [Page 7]
Internet-Draft application/saml+xml June 2004
download.php/3404/oasis-sstc-saml-sec-consider-1.1.pdf>.
Informative References
[13] "Organization for the Advancement of Structured Information
Systems (OASIS)", <http://www.oasis-open.org/>.
[14] "Security Services Technical Committee (SSTC/SAML)", <http://
www.oasis-open.org/committees/security/>.
[15] "SSTC/SAML 'comment' Mailing List Archives", <http://
lists.oasis-open.org/archives/security-services-comment/>.
[16] "SSTC/SAML 'saml-dev' Mailing List Archives", <http://
lists.oasis-open.org/archives/saml-dev/>.
[17] "Marshall Rose's xml2rfc tool", <http://xml.resource.org>.
URIs
[18] <http://www.aaronsw.com/2002/
draft-w3c-rdfcore-rdfxml-mediatype-01>
[19] <http://www.johncoltrane.com/>
[20] <http://www.trapt.com/>
Author's Address
Jeff Hodges
Sun Microsystems, Inc.
4220 Network Circle, Bldg 22, USCA22-212
Santa Clara, CA 95054
USA
Phone: +1 408.276.5467
EMail: Jeff.Hodges at sun.com
URI: http://www.sun.com/
Appendix A. Revision History
Hodges Expires December 16, 2004 [Page 8]
Internet-Draft application/saml+xml June 2004
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the IETF's procedures with respect to rights in IETF Documents can
be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr at ietf.org.
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2004). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.
Hodges Expires December 16, 2004 [Page 9]
-----------------------------------------------------------------------------
More information about the Ietf-types
mailing list