...
- Support only the urn:liberty:security:2006-08:ClientTLS:peerSAMLV2 and the urn:liberty:security:2005-02:TLS:Bearer security mechanisms for authentication of services to the IdP. This avoids a requirement for complex signature creation on the part of the ECP client, and allows for either bearer or holder-of-key authentication via a SAML assertion.
- Should message signing be a desirable approach, the urn:liberty:security:2006-08:TLS:SAMLV2 mechanism can be implemented, but this will require profiling WS-Security sufficiently to keep the work manageable.