Subject: Re: [saml-dev] SAML, trust and WS.
On 12/21/05, Scott Cantor <cantor.2@osu.edu> wrote:
>
> > > 2. IdP returns SAML token containing a transient ID issued for SPA plus
> > > some attributes
> >
> > Right, this works because evidently the target SP is known. (Not true
> > in my use case, btw.)
>
> If the IdP doesn't know the SP, then I guess you're dealing with some kind
> of user-intermediated push scenario, which is also fine. The transient ID
> won't matter because no query back will be possible anyway (no
> authentication of the SP).

I didn't say the IdP doesn't know the SP, I said (or meant to say) that the IdP may not know the SP in advance, so it can't issue an assertion targeted at a specific SP. (I don't dare try to explain this further, otherwise this thread will deteriorate into oblivion :)

> > Assumes much more functionality at the IdP than is available today.
> > (Our development platform is Shibboleth 1.3, which is built on top of
> > SAML 1.1.)
>
> Anything you want to do is going to require new functionality. Sorry, that's
> the way it is. But that functionality won't have much to do with
> identifiers, and that's my only point.

And that is our fundamental point of disagreement...I'll leave it at that.

Tom