OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [saml-dev] SAML Interop tech focus question

> I know we need to limit scope creep, but I feel compelled to 
> ask if anyone else is going to be ready to test browser/post 
> profile. Sun will be ready and would love to see that 
> included in the demo as well. To me this seems like a very 
> natural follow-on. You guys are the experts, but from my 
> limited understanding the post seems like a far better 
> approach and a more likely use case in the real world. If I'm 
> wrong, please feel free to educate me (and thanks in advance).

We have it implemented in the Shibboleth alpha we just released
(basically an older draft of SAML and no signing), but I didn't speak up
since I assumed only the artifact profile was being demoed.

I have beta code that is compliant with the latest schema and does the
signing as well, it's just not in the Shibboleth codebase yet.

Of course, Shibboleth imposes additional semantics on the Subject that
is sent in the POST (we don't pass a real name and we query for
attributes after sign-in), so it's not a fully generic scenario.

Personally, I prefer it for a lot of reasons, which is one reason it's
used exclusively in our architecture. I have gotten the perhaps mistaken
sense that I'm in the minority though.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC