OASIS Mailing List Archives

security-services message


Subject: RE: [security-services] Stateless Conformity To SAML


> Perhaps you could briefly explain how your federation products
> would work as "enforcement points" that would consume (or
> produce) SAMLv2.0 name id mgt without the ability to "cause to be
> stored" updates to that federation (or alternately, identity 
> network failure modes as route-arounds)? Take, for example, the
> cases that Greg raised and to which I was responding in this
> message.

They wouldn't, but that's the point. Not everybody is pursuing the approach
to managing identifiers in-band that Liberty (and now SAML) provides. As
Prateek noted, transactional integrity and reliability are often pretty
important, and neither SOAP nor the browser bindings provide it.

Such enforcement points consume identifiers and may be reading data sources
that are synchronized to these out of band mechanisms.

Liberty *deployments* are free to do this (they don't have to use the
profiles) but Liberty IdP/SP implementations are not free to do this
exclusively.

-- Scott
