OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [security-services] ECP SSO Profile and Metadata



On Jun 23, 2005, at 9:55 AM, Scott Cantor wrote:

>> Not sure which part of my message you are referring to here, but I
>> think the IDP SingleSignOnService Binding should be SOAP and the ECP
>> AuthnRequest ProtocolBinding should be PAOS (since this is how the SP
>> expects the response to be delivered).
>
> Just for clarity, that field isn't used much in favor of just using the
> Index and relying on that to indicate which binding is used. It mostly
> predates the metadata stuff being accepted into the spec and fully 
> baked.
> But that's what the binding would be if you did use it.

Sure, and in my original message I think I mentioned that the SP would 
either specify a PAOS AssertionConsumerService endpoint or specify PAOS 
in ProtocolBinding. What I think we should advise against, in the ECP 
case, is leaving the response binding completely unspecified, since 
then there is the potential for ambiguity at the IdP SOAP 
SingleSignOnService (if we define some other profile that uses SOAP at 
the IdP in the future).

-Greg



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]