OASIS Mailing List Archives

security-services message



Subject: Re: [security-services] ECP and PAOS



Thanks for you guys' replies.

One more question:

         Is ECP supposed to have the metadata of the SP(s)
         and IDP(s) with which it is interacting?

Thanks,
Adam


John Kemp wrote:

>ext Scott Cantor wrote:
>
>>>In Liberty PAOS spec, the examples (at the end of section 8)
>>>imply that Correlation Header (from Liberty SOAP binding spec)
>>>to be included as a SOAP header (in addition to PAOS request
>>>header) in both PAOS request and response messages.
>>
>>I didn't recall any dependency in PAOS on that SOAP binding spec, but PAOS
>>is the authority on this part, not SAML. It's just a call out to whatever it
>>says to do.
>
>There is no normative dependency on the Liberty ID-WSF SOAP Binding
>Specification [1], and thus no need to include a Correlation header
>block, unless the service being exposed over PAOS [2] conforms to the
>Liberty ID-WSF SOAP Binding Specification (to which the SAML2 ECP
>service as specified does not).
>
>>>In SAML2 profile spec ECP-related sections 4.2.4.3 and
>>>4.2.4.5, the examples do not include the Correlation header.
>>
>>If PAOS requires it, then this should be SAML errata, but always take
>>examples with serious salt, they aren't normative.
>
>It's an example, and if there's any errata, it should be on the PAOS
>specification to note that this example is non-normative ;)
>
>>>So the question is if I'm implementing ECP, SP and IDP support
>>>for ECP, do I include this correlation header or not?
>>
>>I'll let the PAOS experts answer that.
>
>Only if you wish to additionally have your ECP conform to the Liberty
>ID-WSF SOAP Binding, but that is not required by the PAOS or SAML 2
>specifications.
>
>- JohnK
>
>[1] https://www.projectliberty.org/specs/draft-liberty-idwsf-soap-binding-v2.0-01.pdf
>[2] https://www.projectliberty.org/specs/draft-liberty-paos-v2.0-01.pdf


