OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [saml-dev] Indexed Endpoints

In the artifact case, my first thought was that the artifact receiver
endpoint had been indexed for just the reason you mention - to simplify
load balanced deployments by not requiring some sort of shared storage.
But then it seemed to me that there was too much other state (tracking
session participants for example) that would need to be tracked and that
indexing the artifact endpoint only got you part of the way there.  Am I
missing something here?  Was it assumed that all that other state could
be kept at a user session level?  And that distributing that session
state could be pushed off to the application server or container of your
choice?

In the SP case - I can see how the index is shorthand to reference an
assertion consumer service URL.  I guess my question on that one is, why
have more than one AssertionConsumerServiceURL in the first place?  I
know it's a carryover from Liberty but I never knew the intent of it in
that spec either.

Thx,
Brian

-----Original Message-----
From: Scott Cantor [mailto:cantor.2@osu.edu] 
Sent: Monday, April 04, 2005 11:00 AM
To: Brian Campbell; saml-dev@lists.oasis-open.org
Subject: RE: [saml-dev] Indexed Endpoints

> Can anyone enlighten me on what the intent of indexed 
> endpoints was?  Honestly, I just don't see how or why it 
> would be used.

Which ones? There are a couple of different occurrences, for different
reasons.

In the artifact case, it's the only thing that makes the artifact
binding
usable without a ridiculous amount of work (reason number one I hated
artifacts in 1.1). Without it, even the simplest implementation needs
efficient, writable, clustered storage to load balance the IdP. With it,
you
can issue artifacts that point directly back at the endpoint with the
in-memory storage of the protocol message.

In the SP case, as it was in ID-FF, it's to enable compact referencing
of
the consumer service to use in the AuthnRequest without having to put
the
whole URL in the request. In fact, the AssertionConsumerServiceURL
attribute
is mostly worthless since you need to check metadata in most cases
anyway,
and I should have just removed it altogether.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]