
saml-dev message



Subject: RE: [saml-dev] asynchronous response on SAML over SOAP over HTTP



Hi Yuji,

Good point: to eliminate validity-period checking, you not only need a
synchronous binding and a responder trusted to respond only with valid
assertions, but you need the requestor to consume these assertions
immediately.

Still, a synchronous binding is necessary, if not sufficient, for removing
the validity-period check.  So I think the potential to remove this check
should be considered in deciding whether to make synchronousness mandatory,
or an explicit property of certain bindings but not others, or leave it
unspecified as currently. 

Trevor

-----Original Message-----
From: Yuji Sakata
To: Trevor Perrin; 'Hal Lockhart'; saml-dev@lists.oasis-open.org
Sent: 7-17-02 9:46 PM
Subject: RE: [saml-dev] asynchronous  response on SAML over SOAP over HTTP


> Prateek pointed this out to me in person, regarding our thread about whether
> the notBefore/notOnOrAfter checks are necessary in the browser/artifact
> profile.  If a synchronous binding was used, and the responder could be
> trusted only to return timely assertions, then the requestor would not need
> to do validity-period checking.  This is probably true for any use of a SAML
> binding, not just the browser/artifact profile.
>
> At the recent Interop, validity-period checking caused problems in parsing
> and time synchronization.  So maybe we should take advantage of synchronous
> bindings to avoid these.  A binding spec could say whether it's synchronou

I might be confused about the meanings of synchronous and asynchronous.

I think the usage is not impossible that "assertions are retrieved
synchronously by means of SOAP binding and used synchronously".
For example, an attribute assertion consumer is inclined to cache attribute
assertions and re-use them as long as they are valid.
So, it might be a good idea that we discuss separately whether the SOAP
binding should be synchronous and whether validity-period checking isn't
required.

What do you think?

Best Regards,
----------------------------------------------
NTT Data Corporation
Yuji Sakata
Tel: +81-3-3523-8081
E-Mail: ysakata@rd.nttdata.co.jp
----------------------------------------------
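
Added example, not part of the original messages or of the SAML specification: a validity-period check over the NotBefore/NotOnOrAfter attributes with clock-skew tolerance, covering the cached-assertion case raised in the thread. The function names, the 60-second skew default and the sample timestamps are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample values for the Conditions attributes (five-minute window).
NB = "2002-07-17T21:46:00Z"
NOA = "2002-07-17T21:51:00.5Z"

_DT = re.compile(r"(\d{4})-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)(\.\d+)?(Z|[+-]\d\d:\d\d)?$")

def parse_xsd_datetime(text):
    """Parse an xsd:dateTime, accepting fractional seconds and zone offsets."""
    m = _DT.match(text.strip())
    if not m:
        raise ValueError("not an xsd:dateTime: %r" % text)
    y, mo, d, h, mi, s = (int(g) for g in m.groups()[:6])
    micro = int((m.group(7) or ".0")[1:7].ljust(6, "0"))  # truncate to microseconds
    zone = m.group(8)
    if zone in (None, "Z"):  # assumption: a value without a zone is read as UTC
        tz = timezone.utc
    else:
        sign = 1 if zone[0] == "+" else -1
        tz = timezone(sign * timedelta(hours=int(zone[1:3]), minutes=int(zone[4:6])))
    return datetime(y, mo, d, h, mi, s, micro, tzinfo=tz).astimezone(timezone.utc)

def check_validity(not_before, not_on_or_after, now, skew=timedelta(seconds=60)):
    """Return 'valid', 'not-yet-valid' or 'expired' at time `now` (aware, UTC)."""
    if not_before is not None and now + skew < parse_xsd_datetime(not_before):
        return "not-yet-valid"
    if not_on_or_after is not None and now - skew >= parse_xsd_datetime(not_on_or_after):
        return "expired"
    return "valid"

if __name__ == "__main__":
    issued = datetime(2002, 7, 17, 21, 46, tzinfo=timezone.utc)
    # Consumed immediately after a synchronous response.
    print(check_validity(NB, NOA, issued))
    # Requestor clock 30 s behind the responder: inside the skew tolerance.
    print(check_validity(NB, NOA, issued - timedelta(seconds=30)))
    # Cached and re-used ten minutes later: the window has closed.
    print(check_validity(NB, NOA, issued + timedelta(minutes=10)))
```

A consumer that caches assertions has to run this check at each re-use, not only when the response arrives.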

