saml-dev message



Subject: RE: [saml-dev] HTTP error response code


>>>> Scenario: App to App (no intermediary Browser)
>>>>
>>> There's really no profile for that scenario in SAML proper,
>>> so asking how it should work is sort of begging the question.
>>>
>> Let me see if I understand correctly:
>>
>> 1. Two applications directly exchanging SAML documents is not legal?
>>
>> 2. The only legal interaction patterns are those described in the
>> profiles specification?
>>
>> 3. The semantics of SAML when used in interaction patterns not
>> described in the profiles specification is undefined?
>>
>> Is that what is being stated?

> No, I think Scott is simply saying there is no SAML 2.0 profile that
> governs this situation.  Others are free to specify additional
> profiles of SAML.

Good.  Other interaction patterns are possible.  So the answer to
Prasanta's question is: 

   There is no application-to-application interaction pattern specified
   by the SAML profile specification.  It is up to you to define
   how things will work.  Thus if the Service Provider receives an
   assertion that is invalid, you must decide how to handle it.

Do I understand correctly how new interaction patterns are to be dealt
with?  

I assume that the profiles described in the profiles specification are
there because the interaction patterns they depict are common, right?  

/Roger


