
saml-dev message


Subject: when in doubt, read the spec...

> ...the confusion comes in for most people
> because the presentation of this token in an SSO type profile
> usually results in the bypass of an authentication step at
> the relying party...

all due respect, but isn't "the bypass of an authentication step" 
the whole purpose of SSO by definition? surely, that's what the 
"single" refers to in "SSO". no?

> ...because you are presenting some form of credential to an 
> entity...

i hate to be pedantic, but does the saml spec refer to an 
assertion as a credential? my understanding is that an assertion 
is a "claim" or "statement". i take my understanding of what an 
assertion is (and what it is not) from the spec. for instance:

"...the asserting party asserts that this user has been 
authenticated..." (pg 3, sstc-saml-tech-overview-1.1-cd.pdf).

misinterpretation of a spec as complicated and rich as the saml 
spec is inevitable i'm sure. and i appreciate that only a small 
percentage of implementors will actually read the saml specs. i'm 
not trying to shoot holes in folks' personal interpretations of 
the spec. if thinking of an assertion as an authentication makes 
it easier for folks to understand saml, then far be it from me to 
try to correct them. i only want to get as clear and precise an 
understanding of the spec as i possibly can at this early stage of 
my learning it. and hopefully along the way, help to make the spec 
less confusing for other developers that are also new to saml.
