
security-services message



Subject: RE: [Fwd: [security-services] Optionality of SP support of a SOAP interface for IdP-initiated SLO]


Summarizing the proposal for change to conformance-2.0-draft-05-diff:

Operational Mode: IdP

Single Logout (IdP-initiated) - SOAP ---- From OPTIONAL to MUST
Single Logout (SP-initiated) - SOAP ----- From OPTIONAL to MUST


Operational Mode: SP
Single Logout (IdP-initiated) - SOAP ---- From OPTIONAL to MUST
Single Logout (SP-initiated) - SOAP ----- From OPTIONAL to MUST


- prateek


-----Original Message-----
From: Scott Cantor [mailto:cantor.2@osu.edu] 
Sent: Tuesday, August 17, 2004 11:42 AM
To: 'John Kemp'; 'SAML'
Subject: RE: [Fwd: [security-services] Optionality of SP support of a SOAP interface for IdP-initiated SLO]

> I just noticed that, in fact, we currently do not mandate SP-initiated 
> SOAP-based SLO at the IdP either. Since the same issue arises, I would 
> like to amend my previous proposal to make the following two 
> changes to [1]
> 
> * Mandate Single Logout (IdP-initiated) - SOAP support by SPs
> * Mandate Single Logout (SP-initiated) - SOAP support by IdPs
> 
> Both of these changes affect the table at line 151 of [1] - each 
> changing a cell from 'OPTIONAL' to 'MUST'

Wouldn't you need it in both directions?

* Mandate Single Logout (IdP-initiated) - SOAP support by IdPs
* Mandate Single Logout (SP-initiated) - SOAP support by SPs

Otherwise you have support to consume SOAP logout at both ends, but no
requirement that the IdP can relay it, since it might not support it, and
its SPs might not support receiving it.

I assume that's why all four are a MUST in ID-FF, not just 2 of them.

-- Scott

