For your interest: The document below has a date of 13 July 2005; it was a result of reviews of several months by various people in various areas of the French administration and other public services.

The text essentially does:
- establish a secure communication among two organisations using client/server authentication
- transport an authorisation statement from the client organisation to the other.

Two modes are specified: one over HTTPS, another using web services. When using HTTPS, the authorisation statement (a SAML assertion) is transported as a header in HTTP for the only reason that it simplified fast implementation and experiments.

When the first version of the draft-housley-tls-authz-extns came out, I encouraged the authors to continue since this seemed to me the logical separation of security data and application data as a simple enhancement of what was specified in the following. It is disappointing to read that there was an IPR activity done in parallel.

For those who can't read French, you may want to ask Papa Bush to help you :-)

Just for the record: Will the next idea be to create client certificates on the fly and use an extended key usage to hold an authorisation statement? At least for this you now have prior art established using this message :-)

https://www.ateliers.modernisation.gouv.fr/ministeres/projets_adele/adele_121_gestion_de/public/standard_dss_-_propo/downloadFile/file/Standard%20Interop%C3%A9rabilit%C3%A9-V1.0.pdf?nocache=1132133044.92