security-services message

Subject: Re: [security-services] [Fwd: Re: OpenID Mobile Profile?]

From: Paul Madsen <paulmadsen@rogers.com>
To: Scott Cantor <cantor.2@osu.edu>
Date: Tue, 03 Feb 2009 10:45:18 -0500

thanks scott, below

Scott Cantor wrote:

Paul Madsen wrote on 2009-02-03:

FYI, the OpenID folks are contemplating an artifact mechanism to deal with
mobile client limitations


I can't recall the last time I ran into a phone browser that didn't handle
POST fine, at least on a device anybody would actually use to access the
web.

I believe the concern is the possible absence of javascript for auto-submit, implying a user click

The difference between this flow and the SAML artifact binding is that
in case of SAML, the artifact/ticket is created by the RP and OP goes
and fetch the request from RP.


I don't think they understand that the binding goes either way...

yes, I agree. But, with our binding it is the IDP that sends the artifactresolve message to the SP , and I think thats what Nat is trying to avoid have happen.

-- Scott



---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

--
Paul Madsen
e:paulmadsen @ ntt-at.com
p:613-482-0432
m:613-282-8647
web:connectid.blogspot.com

Follow-Ups:
- RE: [security-services] [Fwd: Re: OpenID Mobile Profile?]
  - From: "Scott Cantor" <cantor.2@osu.edu>

References:
- [Fwd: Re: OpenID Mobile Profile?]
  - From: Paul Madsen <paulmadsen@rogers.com>
- RE: [security-services] [Fwd: Re: OpenID Mobile Profile?]
  - From: "Scott Cantor" <cantor.2@osu.edu>