Subject: RE: [security-services] ECP
> Hi, I have a question related to ECP. Are the protected
> resources that the ECP accesses initially, defined in any
> standard manner (e.g., they have to be the same as any other
> resource on an SP accessible via other SAML profiles) -- or
> is this strictly up to the SP (e.g., certain resources at
> the SP are meant to be accessed by ECP clients, while other,
> different, resources are meant to be accessed by a SAML web
> SSO client)?
>
> I assume it's the latter from reading the spec.

I think it's up to the SP, but there's no requirement that they be different. The motivation partly is to support a richer client accessing the same HTML/etc. resources, since any other form of content is relatively non-existent apart from maybe RSS feeds. The HTTP headers signal ECP support to the SP so it can decide whether to respond with SOAP as a challenge.

The trickier bit in my mind is how to handle the authn challenge at the IdP, since it's relatively unspecified, but I got the general idea that a lot of the current ECP deployments were bundled with particular IdPs (could be wrong).

-- Scott
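The header-based decision described in the reply above, as an added sketch that is not part of the original message or of any SP implementation. It assumes the header values defined by the SAML 2.0 ECP profile (the PAOS media type, PAOS version and ECP service URI); the function names and return labels are hypothetical.

```python
import re

PAOS_MEDIA_TYPE = "application/vnd.paos+xml"
PAOS_VERSION = "urn:liberty:paos:2003-08"
ECP_SERVICE = "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"


def _accepts_paos(accept):
    """True if the Accept header lists the PAOS media type with q > 0."""
    for item in accept.split(","):
        parts = [p.strip() for p in item.split(";")]
        if parts[0].lower() != PAOS_MEDIA_TYPE:
            continue
        q = 1.0
        for param in parts[1:]:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value)
                except ValueError:
                    q = 0.0  # malformed weight: treat as not acceptable
        return q > 0
    return False


def _paos_offers_ecp(paos):
    """True if the PAOS header carries the expected version and the ECP service."""
    versions, _, services = paos.partition(";")
    has_version = PAOS_VERSION in re.findall(r'ver\s*=\s*"([^"]*)"', versions)
    return has_version and ECP_SERVICE in re.findall(r'"([^"]*)"', services)


def sp_challenge(headers, has_session):
    """Decide how a hypothetical SP answers a request for a protected resource."""
    if has_session:
        return "serve-resource"
    h = {k.lower(): v for k, v in headers.items()}
    if _accepts_paos(h.get("accept", "")) and _paos_offers_ecp(h.get("paos", "")):
        return "paos-soap-authnrequest"  # SOAP envelope as the challenge
    return "browser-sso-redirect"        # ordinary web SSO profile


# Constructed sample requests for the same protected resource.
ECP_CLIENT = {
    "Accept": "text/html; q=0.9, application/vnd.paos+xml",
    "PAOS": 'ver="urn:liberty:paos:2003-08";"urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"',
}
BROWSER = {"Accept": "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8"}
```

Both headers must be present before the SP answers with SOAP, so the same URL can serve ECP clients and browsers; the headers only select the response format and carry no trust of their own.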