[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] ECP
Here is my understanding (partially from implementing the original liberty PAOS spec): After ECP talked to SP and published the PAOS service it is hosting, SP and ECP could still talk non-PAOS back and forth, as many times as they wish, and then at one point, SP decides to send ECP a PAOS request which contains AuthnRequest. From then on things fall into SAML 2 spec domain. Thanks, Adam Scott Cantor wrote: >>One other question on the ECP's initial request -- the ECP >>does require that the response (first response) back from the >>SP to be the Saml AuthnRequest using PAOS. Is that correct? > > > Hmmm, I'd think that the point is to eventually initiate the profile, but > until you do, you're just "doing stuff with the client". > > >>I.e., the SP cannot do any additional interactions that the >>ECP would be able to handle (e.g., an HTTP 302 redirection >>from the resource protecting filter to a saml requester >>service) where the eventual response would be the Saml >>AuthnRequest using PAOS? > > > I can't see how that would be illegal, given that the client really isn't > "doing the profile" until it gets back the PAOS envelope. As long as the > HTTP request that results in the PAOS response contains the headers that > indicate the client is prepared to do the profile... > > Anyway, that's how I would read it, dunno about anyone else. I did a lot of > work on the exact headers flowing around, but the profile by and large is > just work done by the original author who mapped the ID-FF profile to PAOS, > so I'm not exactly the "bible" on this. > > -- Scott > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: security-services-unsubscribe@lists.oasis-open.org > For additional commands, e-mail: security-services-help@lists.oasis-open.org >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]