OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [saml-dev] HTTP error response code


On 6/2/06, Costello, Roger L. <costello@mitre.org> wrote:
> >> Scenario: App to App (no intermediary Browser)
>
> > There's really no profile for that scenario in SAML proper,
> > so asking how it should work is sort of begging the question.
>
> Let me see if I understand correctly:
>
> 1. Two applications directly exchanging SAML documents is not legal?
>
> 2. The only legal interaction patterns are those described in the
> profiles specification?
>
> 3. The semantics of SAML when used in interaction patterns not
> described in the profiles specification is undefined?
>
> Is that what is being stated?

No, I think Scott is simply saying there is no SAML 2.0 profile that
governs this situation.  Others are free to specify additional
profiles of SAML, and indeed there is a lot of that going on right now
outside the SSTC.  Liberty, for example, is heavily involved with SAML
2.0.

Tom


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]