[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Bindings Committee Recommendation: SAML HTTP Binding should be mandatory-to-implement
Colleagues, At the last bindings con-call the following question was debated: Which SAML binding should be mandatory-to-implement? (a) HTTP (b) SOAP over HTTP with no intermediaries The general consensus in the bindings commitee appeared to lie with (a) though some dissent was also expressed (Darren P.). I would request the chairs that the TC take a formal position on this issue perhaps thru a vote on October 9. In thinking about this issue, please note that we are NOT referring to the SOAP profile which would continue to be developed within bindings. The argument for (a) include the following: (i) SOAP 1.1 IPR is encumbered (ii) The results of the XMLP effort (SOAP 1.2) may look quite different from SOAP 1.1 (XMLP will be ready in Q1/02) (iii) other than marketing issues, we do not gain much by utilizing SOAP at this point (iv) "raw" HTTP provides a firmer foundation for our work; notice that a mandatory-to-implement binding is an additional layer in the SAML protocol stack. Arguments for (b) include: (i) SOAP provides a reasonable packaging structure, at least in the case of SOAP over HTTP (ii) SOAP offers a message-level error processing model (iii) The two alternatives are essentially the same but choosing SOAP over HTTP offers SAML, better marketing buzz. (iv) There may be patents lurking for any generic XML messaging framework; even if we choose (a) we may find that patents apply. Further discussion may be found in: http://lists.oasis-open.org/archives/security-bindings/200110/msg00000.html
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC