From: http://www.ietf.org/internet-drafts/draft-hodges-saml-mediatype-01.txt Title: application/saml+xml Media Type Registration Reference: IETF Network Working Group, Internet Draft, 'draft-hodges-saml-mediatype-01' Date: June 17, 2004 Previous version: http://xml.coverpages.org/draft-hodges-saml-mediatype-00.txt See also: http://xml.coverpages.org/samlassertionMIME.html IESG Approves a Request to Register MIME Media Type application/samlassertion+xml See also: http://xml.coverpages.org/saml.html "Security Assertion Markup Language (SAML)" ------------------------------------------------------------------------ Network Working Group J. Hodges Internet-Draft Sun Microsystems, Inc. Expires: December 16, 2004 June 17, 2004 application/saml+xml Media Type Registration draft-hodges-saml-mediatype-01 Status of this Memo By submitting this Internet-Draft, I certify that any applicable patent or other IPR claims of which I am aware have been disclosed, and any of which I become aware will be disclosed, in accordance with RFC 3667. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http:// www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on December 16, 2004. Copyright Notice Copyright (C) The Internet Society (2004). All Rights Reserved. Abstract This document describes a MIME media type -- application/saml+xml -- for use with the XML serialization of SAML (Security Assertion Markup Language) assertions, or other SAML-defined objects. Hodges Expires December 16, 2004 [Page 1] Internet-Draft application/saml+xml June 2004 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1 Discussion of this Document . . . . . . . . . . . . . . . 3 1.2 Document Conventions . . . . . . . . . . . . . . . . . . . 3 2. Usage of the application/saml+xml MIME Media Type . . . . . . 4 3. application/saml+xml MIME Media Type Registration . . . . . . 4 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 5. Security Considerations . . . . . . . . . . . . . . . . . . . 6 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 6 Normative References . . . . . . . . . . . . . . . . . . . . . 6 Informative References . . . . . . . . . . . . . . . . . . . . 8 Author's Address . . . . . . . . . . . . . . . . . . . . . . . 8 A. Revision History . . . . . . . . . . . . . . . . . . . . . . . 8 Intellectual Property and Copyright Statements . . . . . . . . 9 Hodges Expires December 16, 2004 [Page 2] Internet-Draft application/saml+xml June 2004 1. Introduction This document defines a MIME media type -- application/saml+xml -- for use with the XML serialization of SAML (Security Assertion Markup Language) assertions, or other SAML-defined objects. The SAML specification sets, SAML V1.0 [5] and SAML V1.1 [9], are work products of the OASIS [13] Security Services Technical Committee (SSTC) [14]. The SAML specifications define XML-based constructs with which one may make, and convey, security assertions. For example, one can assert that an authentication event pertaining to some subject has occured and convey said assertion to a relying party. 1.1 Discussion of this Document Please send comments on this document to the "security services comment" email distribution list: The "security services comment" mailing list is publically archived here [15]. To post to the "security services comment" mailing list, one must subscribe to it. To subscribe, send a message with the single word "subscribe" in the message body, to: Additionally, the SAML developer community email distribution list: may be employed to discuss usage of the application/saml+xml MIME media type. The "saml-dev" mailing list is publically archived here [16]. To post to the "saml-dev" mailing list, one must subscribe to it. To subscribe, send a message with the single word "subscribe" in the message body, to: 1.2 Document Conventions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", Hodges Expires December 16, 2004 [Page 3] Internet-Draft application/saml+xml June 2004 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [2]. 2. Usage of the application/saml+xml MIME Media Type Application protocols capable of conveying MIME entities, such as HTTP [3], SHOULD use the media type defined in this document when conveying SAML-defined objects. 3. application/saml+xml MIME Media Type Registration This is a media type registration as defined in Multipurpose Internet Mail Extensions (MIME) Part Four: Registration Procedures [1] and XML Media Types [4]. MIME media type name: application MIME subtype name: saml+xml Required parameters: none Optional parameters: charset Same as charset parameter of application/xml. Encoding considerations: Same as charset parameter of application/xml. Security considerations: Security considerations include many of those described in section 10 of RFC 3023 [4] as well as those specifically described in: SAML V1.0 Assertions and Protocol [6] SAML V1.0 Bindings and Profiles [7] SAML V1.0 Security and Privacy Considerations [8] ..and/or.. Hodges Expires December 16, 2004 [Page 4] Internet-Draft application/saml+xml June 2004 SAML V1.1 Assertions and Protocol [10] SAML V1.1 Bindings and Profiles [11] SAML V1.1 Security and Privacy Considerations [12] . ..depending on the version of the SAML object (see the next item). Interoperability considerations: SAML assertions are explicitly versioned. Relying parties SHOULD ensure that they observe assertion version information and behave accordingly. See "Chapter 4 SAML Versioning" in SAML V1.0 Assertions and Protocol [6], and/or SAML V1.1 Assertions and Protocol [10], as appropriate. Published specification: See the SAML V1.0 [5] and SAML V1.1 [9] specification sets. Applications which use this media type: SAML is device-, platform-, and vendor-neutral and is supported by a range of server- and client-side applications and tools. Additional information: Magic number(s): none, but.. Although no byte sequences can be counted on to consistently identify SAML objects, i.e. assertions and/or protocol messages, they will contain either one, or both of, the strings: urn:oasis:names:tc:SAML:1.0:assertion urn:oasis:names:tc:SAML:1.0:protocol to identify the SAML XML namespace(s). File extension(s): none Macintosh File Type Code(s): none Hodges Expires December 16, 2004 [Page 5] Internet-Draft application/saml+xml June 2004 Person & email address to contact for further information: Use the email distribution lists identified in Section 1.1 above. Additionally, or otherwise, refer to the Security Services Technical Committee website [14]. Intended usage: COMMON Author/Change controller: The SAML specification sets are a work product of the OASIS Security Services Technical Committee (SSTC). OASIS and the SSTC have change control over the SAML specification sets. 4. IANA Considerations This document calls for registration of a new MIME content-type, according to the registration information given above in Section 3. 5. Security Considerations See the "Security Considerations" item in Section 3 above. 6. Acknowledgements This doc is based on Aaron Schwartz' internet-draft for the application/rdf+xml MIME media type [18]. Thanks to Graham Klyne for pointing me to the latter, to Scott Cantor and John Kemp for volunteering me to write this, and to Marshall Rose for his xml2rfc document converter gizmo [17]. Artists whose music contributed to the writing of this spec ranged from John Coltrane [19] to Trapt [20]. Normative References [1] Freed, N., Klensin, J. and J. Postel, "Multipurpose Internet Mail Extensions (MIME) Part Four: Registration Procedures", BCP 13, RFC 2048, November 1996. [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [3] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P. and T. Berners-Lee, "Hypertext Transfer Protocol -- Hodges Expires December 16, 2004 [Page 6] Internet-Draft application/saml+xml June 2004 HTTP/1.1", RFC 2616, June 1999. [4] Murata, M., St. Laurent, S. and D. Kohn, "XML Media Types", RFC 3023, January 2001. [5] OASIS, "Security Assertion Markup Language (SAML) Version 1.0 Specification Set", OASIS Standard 200205, September 2003, . [6] Hallam-Baker, P., Ed. and E. Maler, Ed., "Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML) V1.0", OASIS Standard 200205, November 2002, . [7] Mishra, P., Ed., "Bindings and Profiles for the OASIS Security Assertion Markup Language (SAML) V1.0", OASIS Standard 200205, November 2002, . [8] McLaren, C., Ed., "Security and Privacy Considerations for the OASIS Security Assertion Markup Language (SAML) V1.0", OASIS Standard 200205, November 2002, . [9] OASIS, "Security Assertion Markup Language (SAML) Version 1.1 Specification Set", OASIS Standard 200308, September 2003, . [10] Maler, E., Ed., Mishra, P., Ed. and R. Philpott, Ed., "Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML) V1.1", OASIS Standard 200308, September 2003, . [11] Maler, E., Ed., Mishra, P., Ed. and R. Philpott, Ed., "Bindings and Profiles for the OASIS Security Assertion Markup Language (SAML) V1.1", OASIS Standard 200308, September 2003, . [12] Maler, E., Ed. and R. Philpott, Ed., "Security and Privacy Considerations for the OASIS Security Assertion Markup Language (SAML) V1.1", OASIS Standard 200308, September 2003, . Informative References [13] "Organization for the Advancement of Structured Information Systems (OASIS)", . [14] "Security Services Technical Committee (SSTC/SAML)", . [15] "SSTC/SAML 'comment' Mailing List Archives", . [16] "SSTC/SAML 'saml-dev' Mailing List Archives", . [17] "Marshall Rose's xml2rfc tool", . URIs [18] [19] [20] Author's Address Jeff Hodges Sun Microsystems, Inc. 4220 Network Circle, Bldg 22, USCA22-212 Santa Clara, CA 95054 USA Phone: +1 408.276.5467 EMail: Jeff.Hodges@sun.com URI: http://www.sun.com/ Appendix A. Revision History Hodges Expires December 16, 2004 [Page 8] Internet-Draft application/saml+xml June 2004 Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the IETF's procedures with respect to rights in IETF Documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement Copyright (C) The Internet Society (2004). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society. Hodges Expires December 16, 2004 [Page 9]