Liberty ID-FF Bindings and Profiles Specification - Liberty Alliance

More documents

Recommendations

Info

Liberty Alliance Project:Liberty ID-FF Bindings and Profiles SpecificationVersion: 1.2-errata-v2.03738394041424344454647484950515253545556571. IntroductionThis specification defines the bindings and profiles of the Liberty protocols and messages to HTTP-based communicationframeworks. This specification relies on the SAML core framework in [SAMLCore11] and makes use ofadaptations of the SAML profiles in [SAMLBind11]. A separate specification, [LibertyProtSchema], is used to definethe Liberty protocols and messages used within the profiles. Definitions for Liberty-specific terms can be found in[LibertyGlossary].1.1. NotationThe key words "MUST," "MUST NOT," "REQUIRED," "SHALL," "SHALL NOT," "SHOULD," "SHOULD NOT,""RECOMMENDED," "MAY," and "OPTIONAL" in this specification are to be interpreted as described in [RFC2119]:"they MUST only be used where it is actually required for interoperation or to limit behavior which has potential forcausing harm (e.g., limiting retransmissions)."These keywords are thus capitalized when used to unambiguously specify requirements over protocol and applicationfeatures and behavior that affect the interoperability and security of implementations. When these words are notcapitalized, they are meant in their natural-language sense.Listings of productions or other normative code appear like this.Example code listings appear like this.Note:Non-normative notes and explanations appear like this.Conventional XML namespace prefixes are used throughout this specification to stand for their respective namespacesas follows, regardless of whether a namespace declaration is present in the example:XML Namespace Conventions585960616263646566676869• The prefix lib: stands for the Liberty namespace urn:liberty:iff:2003-08• The prefix saml: stands for the SAML assertion namespace (see [SAMLCore]).• The prefix samlp: stands for the SAML request-response protocol namespace (see [SAMLCore]).• The prefix ds: stands for the W3C XML signature namespace, http://www.w3.org/2000/09/xmldsig#• The prefix xenc: stands for the W3C XML encryption namespace, http://www.w3.org/2001/04/xmlenc#• The prefix SOAP-ENV: stands for the SOAP 1.1 namespace, http://schemas.xmlsoap.org/soap/envelope(see [SOAP1.1]).Terminology from [RFC2396] is used to describe components of an HTTP URL. An HTTP URL has the followingform:://? Sections in this document specify certain portions of the component of the URL. Ellipses (...) are used toindicate additional, but unspecified, portions of the component.Liberty Alliance Project4
Liberty Alliance Project:Liberty ID-FF Bindings and Profiles SpecificationVersion: 1.2-errata-v2.07071727374757677787980818283848586878889909192939495969798991001011021031041051062. Protocol BindingsThe Liberty protocol bindings are defined in this section.2.1. SOAP Binding for LibertyThe Liberty SOAP binding defines how to use SOAP to send and receive Liberty protocol requests and responses usingSOAP 1.1 messages.Like Liberty, SOAP can be used over multiple underlying transports. This binding has protocol-independent aspects,but REQUIRES the use of SOAP over HTTP.2.1.1. Protocol-Independent Aspects of the Liberty SOAP BindingThe following sections define aspects of the Liberty SOAP binding that are independent of the underlying protocol,such as HTTP, on which the SOAP messages are transported.2.1.1.1. Basic OperationSOAP messages consist of three elements: an envelope, header data, and a message body. Liberty request-responseprotocol elements MUST be enclosed within the SOAP message body.SOAP 1.1 also defines an optional data encoding system. This system is not used within the Liberty SOAP binding.This means that SAML messages can be transported using SOAP without re-encoding from the "standard" Libertyschemas to one based on the SOAP encoding.The specific profile determines the type of messages that can be sent or received. The system model used for Libertyconversations over SOAP may be a simple request-response model, or it may be a more complex interaction thatincludes HTML forms or other input mechanisms that interact with a Principal.This Liberty specification defines constraints. Liberty protocol messages MUST be sent as the top level element inthe SOAP body. The requester or responder MUST NOT include more than one Liberty protocol message in a singleSOAP message. The requester or responder MUST NOT include any additional XML elements in the SOAP body.Additionally, if a SOAP fault code is returned, then no Liberty protocol message may appear in the SOAP body. SOAPfaults MUST only be used for signaling non-Liberty-related errors.[SOAPv1.1] references an early draft of the XML Schema specification including an obsolete namespace. Originatorsof Liberty SOAP messages SHOULD generate SOAP messages referencing only the final XML schema namespace.Receivers of Liberty SOAP messages MUST be able to process both the XML schema namespace used in [SOAPv1.1]and the final XML schema namespace.2.1.1.2. SOAP HeadersA Liberty SOAP message MAY contain arbitrary headers added to the SOAP message. This binding does not defineany additional SOAP headers.Liberty SOAP messages MUST NOT require that any headers be understood for correct interpretation of the message.2.1.1.3. AuthenticationAuthentication of Liberty messages is OPTIONAL and depends on the environment of use. Authentication protocolsavailable from the underlying substrate protocol MAY be utilized to provide authentication. Section 2.1.2.1 describesauthentication in the SOAP-over-HTTP environment.2.1.1.4. Message IntegrityLiberty Alliance Project5
Page 1 and 2: Liberty Alliance Project:Version: 1
Page 3: Liberty Alliance Project:Liberty ID
Page 7 and 8: Liberty Alliance Project:Liberty ID
Page 33: Liberty Alliance Project:Liberty ID
Page 54 and 55:
Liberty Alliance Project:Liberty ID
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
Page 62 and 63:
Page 64 and 65:
Page 66 and 67:
Page 68 and 69:
Page 70:
show all

Liberty ID-FF Bindings and Profiles Specification - Liberty Alliance

Create successful ePaper yourself

Delete template?

Save as template?