

Subject: RE: [saml-dev] drfat-catalyst-interop-plan-02


I think that's fine.

Rob Philpott
RSA Security Inc.
The Most Trusted Name in e-Security
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020
mailto:rphilpott@rsasecurity.com


> -----Original Message-----
> From: Bhavna Bhatnagar [mailto:bhavna.bhatnagar@sun.com]
> Sent: Tuesday, May 21, 2002 11:44 AM
> To: Philpott, Robert; bhavna.bhatnagar@sun.com; saml-dev@lists.oasis-
> open.org; pmishra@netegrity.com
> Subject: RE: [saml-dev] drfat-catalyst-interop-plan-02
> 
> Prateek/Rob,
> Thanks for the explanation. Even though the user-friendly way makes more
> sense where you automatically get redirected to the content app after
> successful login, I don't think we here have the time to support it. We may just
> redirect to the list of URLs, hope that would be ok.
> 
> Thanks
> 
> Bhavna
> 
> >Date: Mon, 20 May 2002 10:02:36 -0400
> >From: "Mishra, Prateek" <pmishra@netegrity.com>
> >Subject: RE: [saml-dev] drfat-catalyst-interop-plan-02
> >To: "'Philpott, Robert'" <rphilpott@rsasecurity.com>, "'Bhavna
> Bhatnagar'"
> <bhavna.bhatnagar@sun.com>, saml-dev@lists.oasis-open.org
> >
> >
> >Bhavna,
> >
> >Rob has already discussed the main issue in his note: on unauthorized
> >access, the content site offers a choice of inter-site portal
> >URLs, and after user site selection the content site re-directs to the
> >portal site with TARGET set to a specific value. I had planned to describe this
> >explicitly in the draft (as described in message
> >http://lists.oasis-open.org/archives/saml-dev/200205/msg00042.html)
> >but forgot to include this material in the draft. I will do
> >so today so we are all on the same page tomorrow.
> >
> >- prateek
> >
> >
> >>>>
> >>>> In D above, I am not sure what is the expected behaviour. If we redirect
> >>>> to portal login, then after logging in, one would be displayed a content
> >>>> page with links to content hosted at distinct web sites, but I would think
> >>>> that the user would expect to be taken directly to
> >>>> the content application after a successful login upon redirection. Does
> >>>> anyone think alike or if not can someone please clarify the expected
> >>>> flow ?
> >>>
> >>>I think what was intended was just what it says - an authenticated user
> >>>hitting the content provider will get redirected to the portal for login.
> >>>However, the description should say more about what happens next. After
> >>>authenticating the user, the portal could have 2 choices.
> >>>
> >>>First, the portal could display the links page that refers to the ISX
> >>>(inter-site transfer) service.  The user would then have to click to get
> >>>back to the original content provider.  Of course the click really gets them
> >>>to the ISX with a TARGET= parameter and the ISX creates the artifact and
> >>>sends them to the remote artifact receiver URL.  That then gets them to the
> >>>content application once the assertion is retrieved.  Obviously, getting the
> >>>links page and clicking on it isn't very user-friendly.
> >>>
> >>>However, if the content provider redirects to the portal AND supplies a
> >>>TARGET= parameter on the redirect, the portal could authenticate the user
> >>>and transfer directly to the ISX service with the supplied TARGET=
> >>>parameter.  The user would then not have to see the links page.  As in the
> >>>normal case, the ISX would create the artifact and send the user back to the
> >>>remote SAML artifact receiver.  Once the assertion is retrieved, the user
> >>>will see the content provider page they wanted.
> >>>
> >>>The 2nd scenario is more user-friendly, but it requires a vendor's content
> >>>site to redirect to the portal with the TARGET= parameter.
> >>>
> >>>Can other vendors do this?  I am planning for us to handle either method.
> >>>
> >>>Prateek, could we update the scenario to describe this or do we have to just
> >>>stick with the first method?
> >>>
> >
> 
> ________________________________________________________________________
> Bhavna Bhatnagar                		Sun Microsystems Inc.
> Identity Management group	 __o
> Tel: 408-276-3591              _`\<,_
>                               (*)/ (*)
>  ________________________________________________________________________
> 
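
The two portal behaviours discussed in this thread (links page versus direct transfer to the ISX when the redirect carries TARGET=), as an added example that is not part of any message or of any vendor's implementation. Host names, the `PARTNERS` registry and the function names are assumptions; the artifact layout is the SAML 1.x type 0x0001 format, and sending an unregistered TARGET back to the links page is a choice made here so the portal never redirects to an arbitrary URL.

```python
import base64, hashlib, secrets
from urllib.parse import urlencode, urlsplit

# Constructed sample data: one partner content site and its artifact receiver.
PORTAL_ID = "https://portal.example/"      # hypothetical source-site identifier
ISX_URL = "https://portal.example/isx"     # hypothetical ISX endpoint
PARTNERS = {"content.example": "https://content.example/saml/artifact"}
ASSERTIONS = {}  # AssertionHandle -> (user, target), held for the later pull


def mint_artifact(user, target):
    """Type 0x0001 artifact: TypeCode + SourceID + AssertionHandle, base64."""
    source_id = hashlib.sha1(PORTAL_ID.encode()).digest()  # 20 bytes
    handle = secrets.token_bytes(20)                        # 20 random bytes
    ASSERTIONS[handle] = (user, target)
    return base64.b64encode(b"\x00\x01" + source_id + handle).decode()


def receiver_for(target):
    """Map TARGET to a registered artifact receiver URL, or None."""
    parts = urlsplit(target or "")
    if parts.scheme != "https":
        return None
    return PARTNERS.get(parts.hostname)


def inter_site_transfer(user, target):
    """ISX: create the artifact and build the redirect to the receiver."""
    receiver = receiver_for(target)
    if receiver is None:
        raise ValueError("TARGET is not a registered content site")
    query = urlencode({"TARGET": target,
                       "SAMLart": mint_artifact(user, target)})
    return receiver + "?" + query


def after_login(user, target=None):
    """Portal behaviour once the user has authenticated."""
    if receiver_for(target):
        # Second method: TARGET arrived with the redirect, skip the links page.
        return ("redirect", inter_site_transfer(user, target))
    # First method: links page whose entries point at the ISX with TARGET= set.
    links = [ISX_URL + "?" + urlencode({"TARGET": f"https://{host}/"})
             for host in PARTNERS]
    return ("links", links)
```
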


