[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [Fwd: [security-services] Optionality of SP support of a SOAP interface for IdP-initiated SLO]
> I just noticed that, in fact, we currently do not mandate SP-initiated > SOAP-based SLO at the IdP either. Since the same issue arises, I would > like to amend my previous proposal to make the following two > changes to [1] > > * Mandate Single Logout (IdP-initiated) - SOAP support by SPs > * Mandate Single Logout (SP-initiated) - SOAP support by IdPs > > Both of these changes affect the table at line 151 of [1] - each > changing a cell from 'OPTIONAL' to 'MUST' Wouldn't you need it in both directions? * Mandate Single Logout (IdP-initiated) - SOAP support by IdPs * Mandate Single Logout (SP-initiated) - SOAP support by SPs Otherwise you have support to consume SOAP logout at both ends, but no requirement that the IdP can relay it, since it might not support it, and its SPs might not support receiving it. I assume that's why all four are a MUST in ID-FF, not just 2 of them. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]