[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] SAML 2.0 & Authentication mechanism [service]
Thanks Scott for your quick reply as always. My authn requirements cannot be filled with just password using TLS so I need to use SASL. I was bit hesitant mixing spec but your answer gives me confidence. Regards & thanks again Kapil Sachdeva http://www.dotnetcard.com/blogs/ksachdeva ----- Original Message ----- From: "Scott Cantor" <cantor.2@osu.edu> To: "'Kapil Sachdeva'" <ksachdeva@sbcglobal.net>; <saml-dev@lists.oasis-open.org> Sent: Wednesday, November 10, 2004 10:43 AM Subject: RE: [saml-dev] SAML 2.0 & Authentication mechanism [service] >> My concern/question is that SAML 2.0 does not talk about how >> authentication should be done using standard protocol >> messages (something like that of ID-WSF Authentication >> Service SASL messages). > > Correct, but this is a good thing. > >> Authentication >> ECP <--------------------------> IDP >> >> Messages for the above step are problems for me. I know I can >> use Authentication service for this as defined in ID-WSF >> (SASL) but somehow not feeling comfortable mixing >> specifications in implementation. > > You're already mixing plenty of specs (TLS, HTTP, etc). SAML doesn't need > to > define authentication protocols other than those using SAML as an > authentication protocol (which is what the SSO profile is). > > If the SASL over SOAP approach seems good for your use case, I'd use it. > OTOH, if sending a password over TLS with basic-auth is good enough and > you > don't need the flexibility SASL has, I'd probably use that, since it's > easier. > > -- Scott >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]