[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] ECP SSO Profile and Metadata
On Jun 23, 2005, at 9:55 AM, Scott Cantor wrote: >> Not sure which part of my message you are referring to here, but I >> think the IDP SingleSignOnService Binding should be SOAP and the ECP >> AuthnRequest ProtocolBinding should be PAOS (since this is how the SP >> expects the response to be delivered). > > Just for clarity, that field isn't used much in favor of just using the > Index and relying on that to indicate which binding is used. It mostly > predates the metadata stuff being accepted into the spec and fully > baked. > But that's what the binding would be if you did use it. Sure, and in my original message I think I mentioned that the SP would either specify a PAOS AssertionConsumerService endpoint or specify PAOS in ProtocolBinding. What I think we should advise against, in the ECP case, is leaving the response binding completely unspecified, since then there is the potential for ambiguity at the IdP SOAP SingleSignOnService (if we define some other profile that uses SOAP at the IdP in the future). -Greg
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]