[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] HTTP error response code
On 6/2/06, Costello, Roger L. <costello@mitre.org> wrote: > >> Scenario: App to App (no intermediary Browser) > > > There's really no profile for that scenario in SAML proper, > > so asking how it should work is sort of begging the question. > > Let me see if I understand correctly: > > 1. Two applications directly exchanging SAML documents is not legal? > > 2. The only legal interaction patterns are those described in the > profiles specification? > > 3. The semantics of SAML when used in interaction patterns not > described in the profiles specification is undefined? > > Is that what is being stated? No, I think Scott is simply saying there is no SAML 2.0 profile that governs this situation. Others are free to specify additional profiles of SAML, and indeed there is a lot of that going on right now outside the SSTC. Liberty, for example, is heavily involved with SAML 2.0. Tom
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]