saml-dev message

Subject: Re: [saml-dev] Use of Provider ID in Redirect-Artifact Profile

See response inline ####.


Kunal Gandhi

----- Original Message ----- 
From: "Scott Cantor" <cantor.2@osu.edu>
To: "'Kunal Gandhi'" <kunal@amsoft.net>
Cc: <saml-dev@lists.oasis-open.org>
Sent: Friday, October 21, 2005 7:55 PM
Subject: RE: [saml-dev] Use of Provider ID in Redirect-Artifact Profile

>> True. Just that it is not desired in our case to have such an arrangement that
>> requires SP and IdP to exchange such info a priori. All discovery is based on
>> XRI Resolution.
> You still need the XRI, and an XRI can be expressed as a URI, right? So make
> that your providerId and hash that.

#### Kunal wrote: ####
True, I can hash the XRI and send it as a SourceID, which the SP will match
and find the ProviderID, an XRI. The SP can then resolve it to get metadata.
But again, this requires the SP to know beforehand that so and so IDP has so and
so ProviderID, which is not desired. I am trying to avoid this step. I'd
like a self-arranging implementation where services are discovered using XRI
Resolution only and not by out-of-band exchange (as far as feasible). This
is important. This is the reason why I want to discover the IDP using a
common domain cookie upon receiving the SAML Artifact.

Hope I have made my requirement clear.


> There's nothing wrong with doing metadata resolution via XRI, but you still
> need the XRI to start with, and you cannot get it through SAML in band.
> Extending the Artifact binding is not a viable strategy if you expect to
> interoperate.
> -- Scott
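As an added example (not code from the thread or from either poster), this is the SourceID matching Scott describes: the SP keeps a table of providerIds it learned a priori, hashes each one, and matches it against the SourceID carried in the artifact. It assumes the SAML 2.0 type 0x0004 artifact layout (2-byte type code, 2-byte endpoint index, 20-byte SourceID = SHA-1 of the providerId, 20-byte message handle); the providerIds are constructed sample values.

```python
import base64
import hashlib
import os
from typing import Dict, Optional, Tuple

# Assumed layout of a SAML 2.0 type 0x0004 artifact (Bindings spec):
# TypeCode(2) | EndpointIndex(2) | SourceID(20) | MessageHandle(20)
TYPE_CODE = b"\x00\x04"
ARTIFACT_LEN = 44


def source_id(provider_id: str) -> bytes:
    """SourceID is the SHA-1 of the issuer's providerId/entityID.
    SHA-1 here is only the spec's identifier derivation, not a security
    primitive: matching a SourceID proves nothing about the sender."""
    return hashlib.sha1(provider_id.encode("utf-8")).digest()


def build_artifact(provider_id: str, endpoint_index: int = 0) -> str:
    """IdP side: mint an artifact for the given issuer (handle is random)."""
    handle = os.urandom(20)
    raw = TYPE_CODE + endpoint_index.to_bytes(2, "big") + source_id(provider_id) + handle
    return base64.b64encode(raw).decode("ascii")


def parse_artifact(artifact: str) -> Tuple[int, bytes, bytes]:
    """SP side: split an artifact into (endpoint_index, source_id, handle).
    Rejects anything that is not a well-formed type 0x0004 artifact."""
    raw = base64.b64decode(artifact, validate=True)
    if len(raw) != ARTIFACT_LEN or raw[:2] != TYPE_CODE:
        raise ValueError("not a SAML 2.0 type 0x0004 artifact")
    return int.from_bytes(raw[2:4], "big"), raw[4:24], raw[24:44]


# Constructed sample: providerIds the SP knows beforehand (the out-of-band
# step Kunal wants to avoid). Keyed by SourceID so matching is one lookup.
KNOWN_PROVIDERS: Dict[bytes, str] = {
    source_id(pid): pid
    for pid in ("xri://@example*idp", "https://idp.example.org/saml")
}


def resolve_issuer(artifact: str) -> Optional[str]:
    """Return the providerId whose SourceID matches, or None if unknown.
    A match only tells the SP where to send the ArtifactResolve; the
    Issuer of the resolved message must still be checked against it."""
    _index, sid, _handle = parse_artifact(artifact)
    return KNOWN_PROVIDERS.get(sid)
```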
