Subject: RE: [saml-dev] AttributeQuery : why SOAP binding ?
> In the SAML profile spec, I see an attributeQuery must be sent with a
> synchronous binding, such as the SOAP binding.
> Why ?

Because that's the only use case that was profiled. Those profiles are what I call "dumb profiles". They exist solely to create a testable profile for conformance reasons, and do nothing but tie a protocol to a binding. There's no intrinsic requirement in SAML to limit bindings anywhere.

> I have a case where it should be useful to use a POST or Redirect Binding :
> The user authenticate to the IDP with a smartcard. User attributes are in
> the smartcard, and we want the IDP to ask the user the permission to read
> the attributes in its smartcard and send it to the SP. So if we want the IDP
> to interact with the user, we need to send the attribute query with an
> asynchronous binding like POST or Redirect....

Well, I would disagree with you. That's a standard use case for SSO, so why wouldn't you simply use an AuthnRequest? There may be a use case for this, but I don't think yours is one.

-- Scott