[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] SLO IDP generated bindings.
> I was thinking about the case the IDP decides to terminate a > session (Session expires, others.) > It should issue a SLO req to the SP/SPs involved. > Now in this case the User Agent is not involved at all so I'm > assuming the only possible binding to be used (and coverd by > the spec) is any synch binding (so far only SOAP is supported). > Is that correct ? The browser is involved if the user initiates the logout, or if a window is maintained somehow with some kind of polling or something. IdP-initiated doesn't mean "user not involved", that's an orthogonal consideration. > Could HTTP Post be used in this case anyhow ? HTTP POST is a browser-mediated binding, but it is implementation-dependent whether a server can tell the difference. It should never be used in place of SOAP, and there's really nothing to be gained from doing that. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]