OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [saml-dev] SAML 2.0 & Authentication mechanism [service]

> My concern/question is that SAML 2.0 does not talk about how 
> authentication should be done using standard protocol 
> messages (something like that of ID-WSF Authentication 
> Service SASL messages).

Correct, but this is a good thing.

>                 Authentication
> ECP    <-------------------------->   IDP   
> Messages for the above step are problems for me. I know I can 
> use Authentication service for this as defined in ID-WSF 
> (SASL) but somehow not feeling comfortable mixing 
> specifications in implementation.

You're already mixing plenty of specs (TLS, HTTP, etc). SAML doesn't need to
define authentication protocols other than those using SAML as an
authentication protocol (which is what the SSO profile is).

If the SASL over SOAP approach seems good for your use case, I'd use it.
OTOH, if sending a password over TLS with basic-auth is good enough and you
don't need the flexibility SASL has, I'd probably use that, since it's

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]