
saml-dev message



Subject: RE: [saml-dev] AttributeQuery : why SOAP binding ?


> In the SAML profile spec, I see an attributeQuery must be sent with a
> synchronous binding, such as the SOAP binding.
> Why ?

Because that's the only use case that was profiled. Those profiles are what
I call "dumb profiles". They exist solely to create a testable profile for
conformance reasons, and do nothing but tie a protocol to a binding. There's
no intrinsic requirement in SAML to limit bindings anywhere.

> I have a case where it should be useful to use a POST or Redirect Binding:
> The user authenticates to the IDP with a smartcard. User attributes are in
> the smartcard, and we want the IDP to ask the user the permission to read
> the attributes in its smartcard and send it to the SP. So if we want the IDP
> to interact with the user, we need to send the attribute query with an
> asynchronous binding like POST or Redirect....

Well, I would disagree with you. That's a standard use case for SSO, so why
wouldn't you simply use an AuthnRequest?

There may be a use case for this, but I don't think yours is one.

-- Scott



