OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: The Core specification is the only "mandatory" specification, the others are just helpful guidelines, right?

Hi Folks,


There are 5 SAML specifications:


  1. Core
  2. Profiles
  3. Bindings
  4. Authentication Context
  5. Metadata


Question: the Core specification is the authoritative specification.  It defines the SAML XML vocabulary.  It defines what tags can be used in a SAML document, what is the meaning of each tag, and how applications should process each tag.  Correct?


Question: the other four specifications are not required; they are intended to be used as “guidelines” and “helpful hints” of how the SAML XML vocabulary might be used in common situations.  For example, the Profiles specification describes 14 interaction patterns, but applications that use SAML don’t have to use any of those 14 interaction patterns, correct?  And even if an application wants to, say, implement Web Browser SSO, it doesn’t have to follow what’s described in the Profile specification for Web Browser SSO. As long as the application uses the SAML vocabulary in a fashion consistent with the Core specification then it’s okay.  Correct?


Thanks.  /Roger

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]