OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: RE: [saml-dev]


I prefer the simplication of putting the attribute statement within the
SSO Assertion. So a single artifact serves just fine.

Thanks

Bhavna

>From: "Mishra, Prateek" <pmishra@netegrity.com>
>To: "'Scott Cantor'" <cantor.2@osu.edu>, "'Bhavna Bhatnagar'" 
<bhavna.bhatnagar@sun.com>, saml-dev@lists.oasis-open.org, 
afetterer@crosslogix.com
>Subject: RE: [saml-dev]
>Date: Fri, 10 May 2002 17:51:43 -0400
>MIME-Version: 1.0
>
>The browser profile supports transfer of arbitrary number
>of artifacts (not really, the URL line tends to get truncated
>after 1k+ in many situations). 
>
>If there is a strong preference for two/n distinct artifacts in the demo, we
>can certainly revise the interop draft to reflect that. The use of a single
>artifact and assertion was intended as a simplification; if this is not the
>case, we should remove the constraint.
>
>- prateek
>
>
>>>-----Original Message-----
>>>From: Scott Cantor [mailto:cantor.2@osu.edu]
>>>Sent: Thursday, May 09, 2002 11:56 AM
>>>To: 'Bhavna Bhatnagar'; saml-dev@lists.oasis-open.org;
>>>afetterer@crosslogix.com
>>>Subject: RE: [saml-dev]
>>>
>>>
>>>> 3.Use the same SSO Assertion as received during the SSO, 
>>>> which also holds the attribute statement as the Evidence, but then
>>>this
>>>> may have expired. We could keep the expiration range to be 
>>>long enough
>>>so
>>>> that the assertion is alive for the whole round trip demo.
>>>
>>>FWIW, as a general issue outside of your interop event, I had presumed
>>>that if one wanted to include attributes with the SSO bundle, 
>>>one would
>>>create a second assertion to contain the attribute statement, 
>>>so that it
>>>could be made long lived (relatively) without affecting the SSO
>>>assertion.
>>>
>>>In the POST profile, this is simple, since the response can just carry
>>>both assertions at once. I guess with artifact, you'd send along two
>>>artifacts? It was a 1:1 artifact:assertion correspondence that was
>>>intended, I think.
>>>
>>>-- Scott
>>>
>>>
>>>----------------------------------------------------------------
>>>To subscribe or unsubscribe from this elist use the subscription
>>>manager: <http://lists.oasis-open.org/ob/adm.pl>
>>>

________________________________________________________________________ 
Bhavna Bhatnagar                		Sun Microsystems Inc.		 
Identity Management group	 __o
Tel: 408-276-3591              _`\<,_	
                              (*)/ (*)
 ________________________________________________________________________ 





[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC