OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [security-services] Rob's errata: Conf 2a


Title: RE: [security-services] Rob's errata: Conf 2a

Brian, I take it to mean implement whichever and be able to accept both.

Tom.

> -----Original Message-----
> From: Brian Campbell [mailto:bcampbell@pingidentity.com]
> Sent: Tuesday, September 13, 2005 11:45 AM
> To: Robert Philpott (RSA); Scott Cantor; SAML
> Subject: RE: [security-services] Rob's errata: Conf 2a
>
>
> So, to be conformant, is an implementation required to send/produce
> artifacts via both POST and GET?  Or just to accept them via either
> method?
>
> > -----Original Message-----
> > From: Philpott, Robert [mailto:rphilpott@rsasecurity.com]
> > Sent: Friday, September 09, 2005 6:38 AM
> > To: Scott Cantor; SAML
> > Subject: RE: [security-services] Rob's errata: Conf 2a
> >
> > You are correct - thanks - it's line 1010 in Bindings.  I had missed
> it.
> >
> >
> > So, it thus does not make sense to list it in the Feature Matrix MTI
> > table of Conformance, but would it be useful to list it in the
> Possible
> > Implementations Table 1? It's an informational table that identifies
> > similar pairings of messages/bindings/protocols.
> >
> > Rob Philpott
> > Senior Consulting Engineer
> > RSA Security Inc.
> > Tel: 781-515-7115
> > Mobile: 617-510-0893
> > Fax: 781-515-7020
> > Email: rphilpott@rsasecurity.com
> > I-name:  =Rob.Philpott
> >
> > > -----Original Message-----
> > > From: Scott Cantor [mailto:cantor.2@osu.edu]
> > > Sent: Thursday, September 08, 2005 11:14 PM
> > > To: 'SAML'
> > > Subject: [security-services] Rob's errata: Conf 2a
> > >
> > > "We mandate support for the HTTP Artifact binding for a Web SSO
> > <Response>
> > > in full and Lite versions of IDP's and SP's.  However, we do not
> > indicate
> > > what mechanisms (HTTP Redirect or HTTP POST) are mandated for
> delivery
> > of
> > > the artifact."
> > >
> > > Yes, we do. The HTTP Artifact binding itself specifies that both
> > redirect
> > > and POST (please don't call them HTTP Redirect and HTTP POST, it
> > conflates
> > > them with those bindings) MUST be supported for delivery of an
> > artifact.
> > > Always has since I first wrote it up.
> > >
> > > I can find the line in bindings if necessary.
> > >
> > > -- Scott
> > >
> > >
> > >
> ---------------------------------------------------------------------
> > > To unsubscribe from this mail list, you must leave the
> OASIS TC that
> > > generates this mail.  You may a link to this group and
> all your TCs
> in
> > > OASIS
> > > at:
> > >
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
> >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe from this mail list, you must leave the OASIS TC that
> > generates this mail.  You may a link to this group and all
> your TCs in
> OASIS
> > at:
> >
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  You may a link to this group and all
> your TCs in OASIS
> at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgr
> oups.php
>



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]