[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] ECP SSO Profile and Metadata
So, to resurect an earlier discussion: > But sure, as a guideline, clearly any request ought to really carry > *something*. Leaving it out entirely usally seems like a bad idea. Might it not be useful to require the ACSURL+binding/ACSIndex in the <AuthnRequest> when via ECP? (And not changing the paos:Request semantics.) --Nick > -----Original Message----- > From: Scott Cantor [mailto:cantor.2@osu.edu] > Sent: Thursday, June 23, 2005 08:10 AM > To: 'Greg Whitehead' > Cc: 'SAML'; 'Thomas Wisniewski' > Subject: RE: [security-services] ECP SSO Profile and Metadata > > > > Sure, and in my original message I think I mentioned that > the SP would > > either specify a PAOS AssertionConsumerService endpoint or > specify PAOS > > in ProtocolBinding. What I think we should advise against, > in the ECP > > case, is leaving the response binding completely unspecified, since > > then there is the potential for ambiguity at the IdP SOAP > > SingleSignOnService (if we define some other profile that > > uses SOAP at the IdP in the future). > > Definitely, but I don't think it's possible to leave it completely > unspecified, short of there being no default endpoint in the > metadata, which > is more or less impossible. > > The worst case scenario is you do SOAP in, and the default endpoint is > something incompatible with that (HTTP based), although even > that's sort of > a matter of opinion. A client could theoretically bang SOAP > in, and get back > a redirect or form with the response. ;-) > > But sure, as a guideline, clearly any request ought to really carry > *something*. Leaving it out entirely usally seems like a bad idea. > > -- Scott > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. You may a link to this group and all > your TCs in OASIS > at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgr > oups.php > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]