[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [saml-dev] Is a separate "ArtifactReceiver" required?
Sorry to be late to the discussion. Those who were involved at the Burton Catalyst Interop in July remember that we (Sigaba) required the source site to pass the TARGET parameter back to the destination site. We basically negotiated this with each of the other Interop vendors. This was part of an unofficial "meta-data" negotiation between all Interop vendors. The fact that the resulting URL is not bookmark-able is not necessarily important here. What is important is that the destination site needs the TARGET parameter to do its job. Thanks, Jahan P.S. I have proposed that we add this meta-data to the Metadata for SAML 1.0 Web Browser Profiles. Prateek and Jeff are the authors of this document. ---------------- Jahan Moreh Chief Security Architect 310.286.3070 > -----Original Message----- > From: Scott Cantor [mailto:cantor.2@osu.edu] > Sent: Wednesday, December 04, 2002 11:11 AM > To: 'Kremp, Juergen'; 'Philpott, Robert'; saml-dev@lists.oasis-open.org > Subject: RE: [saml-dev] Is a separate "ArtifactReceiver" required? > > > > However, to "fulfill" the words of the spec even such a > > "direct request" must carry the TARGET parameter, which then > > leads to funny URL's like this one: > > > > http://host/application/calculator?TARGET=http://host/applicat > > ion/calculator&SAMLart=12353625363457236457 > > > > (/application/calculator is the business application!). > > Yes, but how is the arbitrary SAML identity provider (the source site) > supposed to know that it can omit the TARGET for your resource and not > mine? > > I suppose you could configure it, but that seems like a lot of wasted > effort to avoid such a trivial thing, especially since it's not a > bookmark-able URL anyway. If it were, I'd say you have a laudable goal, > but... > > -- Scott > > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC