SAML V2.0 Holder-of-Key Web Browser SSO Profile
Editors: Nate Klingenstein and Tom Scavo
Summary: The SAML V2.0 Holder-of-Key Web Browser SSO Profile allows for transport of holder-of-key assertions by standard HTTP user agents with no modification of client software and maximum compatibility with existing deployments. The flow is similar to standard Web Browser SSO, but an X.509 certificate presented by the user agent via a TLS handshake supplies a key to be used in a holder-of-key assertion. Proof of possession of the private key corresponding to the public key in the certificate resulting from the TLS handshake strengthens the assurance of the resulting authentication context and protects against credential theft. Neither the identity provider nor the service provider is required to validate the certificate. This specification is a cryptographically strong alternative to the SAML V2.0 Web Browser SSO Profile described in the SAML V2.0 Profiles specification.
Committee Draft 03
Draft 13 was approved by the SSTC as a Committee Draft on 20 Oct 2009.
Committee Draft 03 (sstc-saml-holder-of-key-browser-sso-cd-03) was uploaded by T. Scavo on 2 Nov 2009.
A minor revision was uploaded by T. Scavo on 15 Dec 2009.
http://www.oasis-open.org/committees/download.php/35621/sstc-saml-holder-of-key-browser-sso-cd-03-diff.pdf (diff between rev1 and draft-13)
http://www.oasis-open.org/committees/download.php/35625/sstc-saml-holder-of-key-browser-sso-cd-03-diff2.pdf (diff between rev2 and rev1)
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-holder-of-key-browser-sso.xsd
Draft 13
Draft 13 (sstc-saml-holder-of-key-browser-sso-draft-13) was uploaded by T. Scavo on 4 Oct 2009.
This draft fixes some bugs in CS 01.
Committee Specification 01
Committee Specification 01 (sstc-saml-holder-of-key-browser-sso-cs-01) was approved by the SSTC on 28 Jul 2009.
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-holder-of-key-browser-sso-cs-01.odt
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-holder-of-key-browser-sso-cs-01.pdf
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-holder-of-key-browser-sso-cs-01.html
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-holder-of-key-browser-sso.xsd
Committee Draft 02
Draft 12 was approved by the SSTC as a Committee Draft on 30 Jun 2009.
Committee Draft 02 (sstc-saml-holder-of-key-browser-sso-cd-02) was uploaded by T. Scavo on 5 Jul 2009.
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-holder-of-key-browser-sso-cd-02.odt
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-holder-of-key-browser-sso-cd-02.pdf
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-holder-of-key-browser-sso-cd-02.html
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-holder-of-key-browser-sso.xsd
Draft 12
Draft 12 (sstc-saml-holder-of-key-browser-sso-draft-12) was uploaded by T. Scavo on 14 Jun 2009.
Public Review
Committee Draft 01 (sstc-saml-holder-of-key-browser-sso-cd-01) underwent Public Review between 26 March 2009 and 25 May 2009.
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-holder-of-key-browser-sso-cd-01.odt
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-holder-of-key-browser-sso-cd-01.pdf
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-holder-of-key-browser-sso-cd-01.html
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-holder-of-key-browser-sso.xsd
See the OASIS official announcement and the Public Comments page for details regarding this Public Review.
Committee Draft 01
Committee Draft 01 (sstc-saml-holder-of-key-browser-sso-cd-01) was uploaded by T. Scavo on 9 Mar 2009.
http://www.oasis-open.org/committees/download.php/31712/sstc-saml-holder-of-key-browser-sso-cd-01.zip (includes HTML and GIF)
http://www.oasis-open.org/committees/download.php/31711/sstc-saml-holder-of-key-browser-sso-cd-01-image-only.odt (image source)
http://www.oasis-open.org/committees/download.php/29885/sstc-saml-holder-of-key-browser-sso.xsd
Draft 11 was approved by the SSTC as a Committee Draft on 24 Feb 2009.
Draft 11
Draft 11 (sstc-saml-holder-of-key-browser-sso-draft-11) was uploaded by T. Scavo on 11 Jan 2009.
Draft 10
Draft 10 (sstc-saml-holder-of-key-browser-sso-draft-10) was uploaded by N. Klingenstein on 12 Dec 2008.
Draft 09
Draft 09 (sstc-saml-holder-of-key-browser-sso-draft-09) was uploaded by N. Klingenstein on 11 Nov 2008.
Draft 08
Draft 08 (sstc-saml-holder-of-key-browser-sso-draft-08) was uploaded by N. Klingenstein on 2 Nov 2008.
Draft 07
Draft 07 (sstc-saml-holder-of-key-browser-sso-draft-07) was uploaded by N. Klingenstein on 23 Sep 2008.
Draft 06
Draft 06 (sstc-saml-holder-of-key-browser-sso-draft-06) was uploaded by N. Klingenstein on 26 Aug 2008.
Draft 05
Draft 05 (sstc-saml-holder-of-key-browser-sso-draft-05) was uploaded by N. Klingenstein on 4 Aug 2008.
Draft 04
Draft 04 (sstc-saml-holder-of-key-browser-sso-draft-04) was uploaded by N. Klingenstein on 22 Jun 2008.
Draft 03
Draft 03 (sstc-saml-holder-of-key-browser-sso-draft-03) was uploaded by N. Klingenstein on 17 Jun 2008.
Draft 02
Draft 02 (sstc-saml-holder-of-key-browser-sso-draft-02) was uploaded by N. Klingenstein on 21 Apr 2008.
Draft 01
Draft 01 (sstc-saml-holder-of-key-browser-sso-draft-01) was uploaded by N. Klingenstein on 27 Feb 2008.