OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [saml-dev] architecture for artifact profile ?

Ok, thanks.
If I understand well the specs, there is no need of SAML query elements
for basic scheme in Artifact and Post profiles.
In Artifact profile, DestinationSite creates a SAML Request with only
AssertionArtifact element, and in Post profile, SourceSite directly
creates a SAML Response with the encapsulated Assertion.
So, in which case SAML queries can be used ? For later use in
DestinationSite, if I would like to ckeck again (after a timeout) if X
user is still authenticated ?


> -----Message d'origine-----
> De : Scott Cantor [mailto:cantor.2@osu.edu]
> Envoye : vendredi 15 novembre 2002 04:18
> A : zze-orange balr201 FTRD/DMI/REN; saml-dev@lists.oasis-open.org
> Objet : RE: [saml-dev] architecture for artifact profile ?
> >Indeed, I externalized the SAML producer from the Source site. Thus,
> when
> >the source site needs to create an assertion and to get the
> corresponding
> >artifact, it does this by requesting the external SAML producer in a
> >query.
> >I do not see these SAML exchanges in the Bindings/Profiles
> specification.
> >Would it be better (or even mandatory) to integrate the SAML Producer
> in
> >the Source site and to create assertions through a Java API 
> rather than
> >creating them by SAML requests ?
> "Better" is in the eye of the beholder. You're correct that you're
> outside the spec. It isn't mandatory to do it via a local API, you've
> simply created an API that's distributed, but it's not a SAML query in
> the usual sense.
> -- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC