OASIS Mailing List Archives

saml-dev message


Subject: RE: [saml-dev] SAML 2.0 new features help.


Hi,
Sorry, I'm a little bit confused too;
looking more in the spec and thanks to your reply I now know what MY
misunderstanding was:

I thought SAML would provide a way to allow SP sessions without using
cookies (which I think is implementation specific). I guess this
was a wrong assumption.

Could the RelayState be used for this reason (SP session)? Otherwise,
what is the purpose of this info?

The other thing I now understand is that the cookie problem is mainly for
IDP discovery (talking about cookies, I thought it was merely a session
problem).
So I was looking for answers on the specs in the wrong place.

Thanks for your answers.
Giuseppe.

-----Original Message-----
From: Scott Cantor [mailto:cantor.2@osu.edu] 
Sent: 18 October 2005 16:52
To: Sarno, Giuseppe [MOP:GM15:EXCH]; saml-dev@lists.oasis-open.org
Subject: RE: [saml-dev] SAML 2.0 new features help.


> Yes, I had a look at section 8, though it seems that the specs lack
> some sort of user guide on how to do things, as the info is scattered.
> Thanks anyway.

Specs aren't user guides, those are very different things. The specs
have to stop where application-defined behavior takes over.

There is a need for an implementation guide, but nobody with the cycles
to write it.

> What about cross-domain SPs/IDPs? Do they have to use some sort of
> common (domain server?) Is that the only way? What about the
> relaystate, can this help?

I don't follow you. All SPs and IdPs are generally "cross-domain",
that's why SAML exists. Common domains can help address IdP discovery by
sharing a cookie for identifying the IdP to use, but that's not really
very practical in many environments.

Relay State has nothing to do with sharing of information, it's for the
SP alone, and it isn't even used in many cases, cookies are.

-- Scott
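
An added example, not part of the original thread and not code from any SAML implementation: one way an SP can use RelayState as state "for the SP alone", by sending only an opaque, integrity-protected handle and keeping the real return URL server-side. The function names, the in-memory store and the secret are assumptions for illustration; the 80-byte limit and the integrity-protection recommendation come from the SAML 2.0 bindings specification.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-SP secret used only to integrity-protect RelayState.
SP_SECRET = secrets.token_bytes(32)
MAX_RELAY_STATE_BYTES = 80  # limit from the SAML 2.0 bindings specification

# Assumption: in-memory store; a real SP would use its session store.
# Maps opaque handle -> URL the user asked for before being sent to the IdP.
_pending = {}


def _tag(handle):
    """Truncated HMAC over the handle, so tampering is detected on return."""
    return hmac.new(SP_SECRET, handle.encode(), hashlib.sha256).hexdigest()[:32]


def issue_relay_state(return_url):
    """Create the RelayState value sent alongside the AuthnRequest."""
    handle = secrets.token_urlsafe(16)  # opaque; reveals nothing about the URL
    relay_state = f"{handle}.{_tag(handle)}"
    if len(relay_state.encode()) > MAX_RELAY_STATE_BYTES:
        raise ValueError("RelayState exceeds 80 bytes")
    _pending[handle] = return_url
    return relay_state


def consume_relay_state(relay_state):
    """Return the stored URL, or None if the value is missing, oversized,
    tampered with, unknown, or already used."""
    if not relay_state or len(relay_state.encode()) > MAX_RELAY_STATE_BYTES:
        return None
    handle, sep, tag = relay_state.partition(".")
    if not sep or not hmac.compare_digest(tag.encode(), _tag(handle).encode()):
        return None
    # pop() makes the handle single-use, so a replayed response gets nothing.
    return _pending.pop(handle, None)


if __name__ == "__main__":
    rs = issue_relay_state("/reports/42")  # constructed sample URL
    print("RelayState sent to IdP:", rs)
    print("After SSO, redirect to:", consume_relay_state(rs))
    print("Replay attempt yields:", consume_relay_state(rs))
```

Because the IdP only echoes the value back, a URL or arbitrary string supplied in RelayState by anyone else fails the lookup and the SP falls back to its default landing page instead of redirecting.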



