security-services message
Subject: ECP and Saml 2.0 persistent identifiers
- From: Thomas Wisniewski <Thomas.Wisniewski@entrust.com>
- To: security-services@lists.oasis-open.org
- Date: Mon, 20 Jun 2005 18:14:14 -0400
Does anyone know (perhaps I missed it in the SAML 2 specs), do persistent ids just NOT apply to ECP clients/proxies?
Two things I saw that imply this:
1. At the SP, the initial response when requesting a resource is that it has to send an AuthnRequest message that is meant for an IDP. Why isn't the SP allowed to ask the ECP for a local login first (if that's possible)?
Consider the case where the user is federating for the first time, the ECP needs to do a local login as well after the AuthnRequest/Response happens.
2. There is no PAOS type of processing for MNI requests (but neither are there SLO requests). Perhaps in this case HTTP-Redirects work as usual (but it begs the question why HTTP Red AuthnRequests and HTTP Artifact couldn't be used with ECP).
Thanks,
Tom.
Thomas Wisniewski
Software Architect
Phone: (201) 891-0524
Cell: (201) 248-3668
Entrust®
Securing Digital Identities & Information