OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [saml-dev] attributeexchange: where to add the receiver

Why not use ssl and have the service provider login using a secure
connection.

-----Original Message-----
From: Jim Christopher [mailto:jchristo@carolina.rr.com] 
Sent: Wednesday, March 31, 2004 8:59 AM
To: Christoph Riesenberger; saml-dev@lists.oasis-open.org
Subject: Re: [saml-dev] attributeexchange: where to add the receiver


Hi Chris;

> I am working on an attribute exchange of 2 providers about a user. The

> "serviceprovider" sends an attributequery to the "identityprovider". 
> The identityprovider checks, if the serviceprovider is allowed to get 
> the attributes and sends back an attributestatement. But how does he 
> know
where
> to send it back, if there is no providerid oder url of the 
> serviceprovider intended in an attributequery?

Assuming that this message exchange is done across the SOAP over HTTP
binding of SAML, could you not just respond to the serviceprovider's
HTTP request (containing the SAML Request) with an HTTP response
(containing the SAML Response)?

If that isn't an option, could you associate a SAML consumer URL ( or
whatever address scheme fits with your message transport ) with each
serviceprovider authenticated identity?  In other words, once a
serviceprovider authenticates with the identityprovider, the
identityprovider queries a database for the appropriate SAML consumer
address for that serviceprovider.

HTH,
jim christopher



To unsubscribe from this list, send a post to
saml-dev-unsubscribe@lists.oasis-open.org, or visit
http://www.oasis-open.org/mlmanage/.



 

Regards,

 

 

Scott Wiseman

Client Development Services

 

Network Consultant Los Angeles
http://www.InterCore.net

Consulting, Systems Integration and Outsourcing
http://www.outsourceintelligence.com

Exchange Consultant Los Angeles
http://www.Avidware.com

Security Consultant Los Angeles
http://www.FastForwardMarcom.com

Outsourcing Services in Los Angeles
http://www.OutsourcingAnswers.org

Americas Best Singles Free Online Dating Service
http://www.AllAboutSingles.com

Americas Best Dating Service
http://www.AboutSingles.net

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]