[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [saml-dev] architecture for artifact profile ?
Ok, thanks. If I understand well the specs, there is no need of SAML query elements for basic scheme in Artifact and Post profiles. In Artifact profile, DestinationSite creates a SAML Request with only AssertionArtifact element, and in Post profile, SourceSite directly creates a SAML Response with the encapsulated Assertion. So, in which case SAML queries can be used ? For later use in DestinationSite, if I would like to ckeck again (after a timeout) if X user is still authenticated ? Frederic > -----Message d'origine----- > De : Scott Cantor [mailto:cantor.2@osu.edu] > Envoye : vendredi 15 novembre 2002 04:18 > A : zze-orange balr201 FTRD/DMI/REN; saml-dev@lists.oasis-open.org > Objet : RE: [saml-dev] architecture for artifact profile ? > > > >Indeed, I externalized the SAML producer from the Source site. Thus, > when > >the source site needs to create an assertion and to get the > corresponding > >artifact, it does this by requesting the external SAML producer in a > SAML > >query. > >I do not see these SAML exchanges in the Bindings/Profiles > specification. > >Would it be better (or even mandatory) to integrate the SAML Producer > in > >the Source site and to create assertions through a Java API > rather than > >creating them by SAML requests ? > > "Better" is in the eye of the beholder. You're correct that you're > outside the spec. It isn't mandatory to do it via a local API, you've > simply created an API that's distributed, but it's not a SAML query in > the usual sense. > > -- Scott > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC