OASIS Mailing List Archives
saml-dev message

Subject: RE: [saml-dev] ECP Profile and PAOS Binding


> are ECP Profile and PAOS Binding intended to be used with Web Services -
> where the ECP is a Web Service Consumer and the SP is a Web Service
> Provider?

Not really, no. It's not impossible to do it, but you're somewhat
constrained to HTTP because of the profile language, and what you end up
doing is sticking a SAML protocol exchange in the middle of your SOAP
messages, which is a little odd.

The more reasonable approach (and this works with a lot of non-HTTP profiles
of SAML authentication) is to separate the SAML half from the SOAP half:

1. WSC gets SAML Assertion from IdP
2. WSC binds SAML Assertion to SOAP message with WSS-STP and sends to WSP

Liberty WSF 2.0 profiles both halves, and includes a profile of SAML 2.0 for
the first half using a SAML AuthnRequest over SOAP. In that way, it's
similar to ECP but more suited to a SOAP application.

-- Scott
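
Added example, not part of the original message or of any project's code: a Python sketch of step 2 in the reply above, where the WSC places an assertion it already holds into a `wsse:Security` header and the WSP reads it back. The function names, the sample assertion, `idp.example.org` and the `urn:example:constructed` body are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
for prefix, uri in (("soap", SOAP), ("wsse", WSSE), ("saml", SAML)):
    ET.register_namespace(prefix, uri)

# Constructed, unsigned sample standing in for what the IdP returned in step 1.
SAMPLE_ASSERTION = (
    f'<saml:Assertion xmlns:saml="{SAML}" ID="_constructed-1" Version="2.0" '
    'IssueInstant="2024-01-01T00:00:00Z">'
    '<saml:Issuer>https://idp.example.org</saml:Issuer>'
    '<saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject>'
    '</saml:Assertion>'
)

def bind_assertion(assertion_xml, body_xml):
    """WSC side: carry the assertion in the wsse:Security header of a SOAP 1.1 envelope."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    security = ET.SubElement(header, f"{{{WSSE}}}Security",
                             {f"{{{SOAP}}}mustUnderstand": "1"})
    security.append(ET.fromstring(assertion_xml))
    ET.SubElement(env, f"{{{SOAP}}}Body").append(ET.fromstring(body_xml))
    return ET.tostring(env, encoding="unicode")

def extract_assertion(envelope_xml):
    """WSP side: require exactly one assertion in the security header.

    Returns (issuer, subject). Signature, Conditions and SubjectConfirmation
    checks must pass before these values are trusted; they are not done here.
    """
    env = ET.fromstring(envelope_xml)
    path = f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{SAML}}}Assertion"
    found = env.findall(path)
    if len(found) != 1:
        raise ValueError(f"expected 1 assertion in wsse:Security, found {len(found)}")
    assertion = found[0]
    issuer = assertion.findtext(f"{{{SAML}}}Issuer")
    subject = assertion.findtext(f"{{{SAML}}}Subject/{{{SAML}}}NameID")
    if not issuer or not subject:
        raise ValueError("assertion lacks Issuer or Subject/NameID")
    return issuer, subject

if __name__ == "__main__":
    message = bind_assertion(SAMPLE_ASSERTION, '<Ping xmlns="urn:example:constructed"/>')
    print(message)
    print(extract_assertion(message))
```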


