Subject: Re: [saml-dev] Any 3 leg profile?

On 2/27/13 12:00 PM, "Will Hartung" <willh@mirthcorp.com> wrote:

>By 3 leg I mean client authenticates with IdP, gets Token, client then
>makes request to SP with Token, that the SP verifies/accepts Token and
>delivers the service.
>
>Is there another term of art for this?

Hmm, that sounds like basic SSO to me. SAML has always had that.

>We're looking for "more SAML than not" solution, since we're not
>really motivated to actually use OAuth for this (which the SAML Bearer
>Assertion Profile is). We can always hand craft something, but if
>there's already been work that we can adopt, that would be better.

I think you probably want to look at ECP then, if the problem is that the client's not a browser. In its pure form, it still relies on a server challenge to get the flow going, but there are ways to supplement that, and frankly, it's not clear a challenge from the server isn't a good model anyway, since it allows for RP influence over token characteristics.

By three-legged, I assumed you meant client talking to server talking to back-end service on behalf of client, i.e. delegation. Which I have also used ECP to model, but it's a more complex scenario with more supplementary specs.

-- Scott