[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Stateless Conformity To SAML
> Perhaps you could briefly explain how your federation products > would work as "enforcement points" that would consume (or > produce) SAMLv2.0 name id mgt without the ability to "cause to be > stored" updates to that federation (or alternately, identity > network failure modes as route-arounds)? Take, for example, the > cases that Greg raised and to which I was responding in this > message. They wouldn't, but that's the point. Not everybody is pursuing the approach to managing identifiers in-band that Liberty (and now SAML) provides. As Prateek noted, transactional integrity and reliability are often pretty important, and neither SOAP nor the browser bindings provide it. Such enforcement points consume identifiers and may be reading data sources that are synchronized to these out of band mechanisms. Liberty *deployments* are free to do this (they don't have to use the profiles) but Liberty IdP/SP implementations are not free to do this exclusively. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]