
saml-dev message



Subject: [saml-dev] RE: SAML Interoperability Demo and the 5 URLs


Comments are attached inline. 

>>1. http://portal.<dns_suffix>: this is the URL for directly contacting
>>the portal and selecting a destination service. The use of this URL is
>>dependent on the demonstration scenario and some applications may not
>>use it. Specifically, if the application directly contacts the
>>inter-site transfer URL at the source site, it need not use this URL.

Correct. The idea is that this is the "normal" welcome page to the portal
site. It may also be protected, in that access to it requires the user to
log in or to possess an active portal session.



>>
>>2. https://inter-site-transfer.<dns_suffix>: this is the URL that drives
>>the authentication process (for example by soliciting user ID and
>>password). A browser must ultimately connect at this URL to receive the
>>artifact. A browser may be directed to this URL by some other service,
>>including the portal.
>>

The inter-site transfer URL terminology AND functionality are taken from
bindings Sections 4.1.1.3 and 4.1.1.4, which should be reviewed at this point.
This URL is invoked with a TARGET name-value pair as described in the
bindings document and results in a redirect. It should also be a protected
resource, in that access to it requires the user to log in or to possess an
active portal session.


>>3. https://receiver.<dns_suffix>: this is the URL for the assertion
>>consumer. This is the URL to which the inter-site transfer service
>>redirects the user.

Correct, this corresponds to the artifact receiver URL as described in
4.1.1.5 Step 3 of the bindings document. 
>>
>>4. https://responder.<dns_suffix>: this is the URL that the assertion
>>consumer uses to query for the authentication/attribute statements,
>>which are all included in a single assertion.

This URL implements the service described in Step 4 of 4.1.1.6 of
the bindings doc.

>>
>>5. http://application.<dns_suffix>/application: this is the URL where
>>the content provider's application operates. This URL is included as the
>>"TARGET" in the redirect.

This is the value of the TARGET name in 4.1.1.3 and 4.1.1.4 of the
bindings document.


>>6. For the SAML Interoperability demo, URLs (1), (2) and (4) belong to
>>the "portal" companies and URLs (3) and (5) belong to "content provider"
>>companies.
>>

Correct. Your comments are very helpful, I will include them
in the next respin of the interOp document.

>>Thanks in advance,
>>Jahan
>>
>>---------------------------
>>Jahan Moreh
>>Chief Security Architect
>>tel: 310.286.3070
>>fax: 310.286.3076
>>
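
The exchange between URLs (2), (3), (4) and (5) discussed in this message, as an added sketch that is not part of the original thread or of the interop document. Assumptions: `example.org` stands in for `<dns_suffix>`, the `SAMLart` parameter name and one-time artifact use come from the SAML bindings document rather than from this message, the artifact is a random stand-in token, and the responder query is a local function call instead of a SOAP request.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

DNS_SUFFIX = "example.org"  # assumption: stands in for <dns_suffix>
RECEIVER = f"https://receiver.{DNS_SUFFIX}"                    # URL 3
APPLICATION = f"http://application.{DNS_SUFFIX}/application"   # URL 5

# Assertions the portal holds until the content provider asks for them.
_pending = {}


def inter_site_transfer(target, session_user):
    """URL 2 (portal): needs a login or portal session, then redirects to URL 3."""
    if session_user is None:
        return 401, None
    artifact = secrets.token_urlsafe(16)  # stand-in, not the real artifact encoding
    _pending[artifact] = session_user
    return 302, RECEIVER + "?" + urlencode({"TARGET": target, "SAMLart": artifact})


def responder(artifact):
    """URL 4 (portal): hands out the assertion for an artifact, one time only."""
    return _pending.pop(artifact, None)


def receiver(url):
    """URL 3 (content provider): resolves the artifact, then sends the browser to TARGET."""
    params = parse_qs(urlsplit(url).query)
    target = params.get("TARGET", [None])[0]
    artifact = params.get("SAMLart", [None])[0]
    subject = responder(artifact) if artifact and target else None
    if subject is None:
        return 403, None, None
    return 302, target, subject


if __name__ == "__main__":
    status, location = inter_site_transfer(APPLICATION, "alice")  # constructed user
    print(status, location)
    print(receiver(location))
    print(receiver(location))  # replayed artifact is refused
```
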

