Subject: Re: [saml-dev] SAML 2.0 & Authentication mechanism [service]

Thanks Scott for your quick reply as always.

My authn requirements cannot be filled with just a password using TLS, so I
need to use SASL.
I was a bit hesitant about mixing specs, but your answer gives me confidence.

Regards & thanks again

Kapil Sachdeva
----- Original Message ----- 
From: "Scott Cantor" <cantor.2@osu.edu>
To: "'Kapil Sachdeva'" <ksachdeva@sbcglobal.net>; 
Sent: Wednesday, November 10, 2004 10:43 AM
Subject: RE: [saml-dev] SAML 2.0 & Authentication mechanism [service]

>> My concern/question is that SAML 2.0 does not talk about how
>> authentication should be done using standard protocol
>> messages (something like that of ID-WSF Authentication
>> Service SASL messages).
> Correct, but this is a good thing.
>>                 Authentication
>> ECP    <-------------------------->   IDP
>> Messages for the above step are problems for me. I know I can
>> use Authentication service for this as defined in ID-WSF
>> (SASL) but somehow not feeling comfortable mixing
>> specifications in implementation.
> You're already mixing plenty of specs (TLS, HTTP, etc). SAML doesn't need to
> define authentication protocols other than those using SAML as an
> authentication protocol (which is what the SSO profile is).
> If the SASL over SOAP approach seems good for your use case, I'd use it.
> OTOH, if sending a password over TLS with basic-auth is good enough and you
> don't need the flexibility SASL has, I'd probably use that, since it's
> easier.
> -- Scott

