[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Does John Doe actually have to hit a Submit button to send the encrypted Authentication Response to CarRentalInc?
Hi Folks, This question is with regards to the Web
Browser SSO profile. Suppose that John Doe authenticates with
AirlineInc and purchases an airplane ticket. After completing the
purchase, the airline provides John Doe with a link to where he can make a car
reservation. John Doe clicks on the link. Suppose the link is back to the
airline. The airline then constructs an (unsolicited) Authentication
Response. The Response is encoded, put into an HTML form and returned to
John Doe. Question: will John Doe actually have to
hit a Submit button to send (POST) the Authentication Response to CarRentalInc?
In other words, from John Doe’s perspective he pressed the link, and the
next thing he sees is an HTML form that is filled with a bunch of encrypted
stuff. Then John Doe is expected to press the Submit button, is that how it
works? Question: or, is there something that can
be done (similar to an HTTP redirect) so that John Doe doesn’t see the encrypted
Response being forwarded to CarRentalInc? That is, is there a way for the
unsolicited Response to be delivered to CarRentalInc “behind the scenes”,
via John Doe’s browser? Thanks. /Roger |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]