RE: [saml-dev] SAML 2.0 new features help.

["Giuseppe Sarno" <gsarno@nortel.com>]

Thanks.

Yes I had a look at section 8 though it seems that the specs lacks some
sort of user guide on how to do thinks as the info is scattered. Thanks
anyway.

What about cross domains SPs/IDPs ? do they have to use some sort of
common (domain server ?) is that the only way ? what about the
relaystate can this help ?

thanks.
Giuseppe.

-----Original Message-----
From: Scott Cantor [mailto:cantor.2@osu.edu] 
Sent: 17 October 2005 19:24
To: Sarno, Giuseppe [MOP:GM15:EXCH]; saml-dev@lists.oasis-open.org
Subject: RE: [saml-dev] SAML 2.0 new features help.



> This is basically account linking.
> Ok now I cannot find how SAML 2.0 achieve this in any of the 
> spec at the OASIS web page: 

Core, section 8 on Identifier formats, persistent format. That's about
it. Plus the protocol for NameID rollover and cleanup, of course.

If you're looking for anything else, you're moving out of scope.

> 2)  Also there is a mention about SAML 2.0 providing a
> protocol which doesn't requires cookies to be exchanged 
> between SP and IDP to achieve session management,

SAML SSO doesn't rely on domain cookies. That's it. It doesn't mean they
each individually don't use cookies.

-- Scott