[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] Using HTTP Redirect to send a Response? Profiles spec says no. Bindings spec says yes. Which is correct?
On 5/18/06, Costello, Roger L. <costello@mitre.org> wrote: > > In section 4.1.2, bullet 5 of the Profiles specification it says: "The HTTP > Redirect binding MUST NOT be used [for sending a Response to a Service > Provider], as the response will typically exceed the URL length permitted by > most user agents". > > In the Bindings specification, in 3.4.8 it shows an example of using HTTP > Redirect to send a Response to a Service Provider. > > So, the Profiles spec says that HTTP Redirect must not be used, whereas the > Bindings spec says that HTTP Redirect can be used. Which is correct? Both are correct. Section 4.1.2 of the Profiles spec refers to Browser SSO whereas the example in section 3.4.8 of the Bindings spec is LogoutRequest/LogoutResponse. See section 4.4 of the Profiles spec for more info regarding the latter. Tom
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]