
saml-dev message


Subject: Re: [saml-dev] The Core specification is the only "mandatory" specification, the others are just helpful guidelines, right?

See below.

On 6/19/06 1:28 PM, "Costello, Roger L." <costello@mitre.org> wrote:

> Hi Folks,
> There are 5 SAML specifications:
> 1. Core 
> 2. Profiles 
> 3. Bindings 
> 4. Authentication Context
> 5. Metadata 
> Question: the Core specification is the authoritative specification.  It
> defines the SAML XML vocabulary.  It defines what tags can be used in a SAML
> document, what is the meaning of each tag, and how applications should process
> each tag.  Correct?

Yes, but Core doesn't really discuss how you send and receive these
documents.  See below....

> Question: the other four specifications are not required; they are intended to
> be used as "guidelines" and "helpful hints" of how the SAML XML vocabulary
> might be used in common situations. For example, the Profiles specification
> describes 14 interaction patterns, but applications that use SAML don't have
> to use any of those 14 interaction patterns, correct?  And even if an
> application wants to, say, implement Web Browser SSO, it doesn't have to
> follow what's described in the Profile specification for Web Browser SSO. As
> long as the application uses the SAML vocabulary in a fashion consistent with
> the Core specification then it's okay.  Correct?

Not really.  The other specs define the message flows (Profiles) that are
required to achieve a particular purpose (SSO, Attribute sharing, Logout,
etc.).  The Bindings indicate the ways those message flows can be
implemented on top of various transport mechanisms (HTTP POST, SOAP, etc.).

In addition, the Static Conformance Requirements (SCR) document defines the
minimum combination of Profiles and Bindings an implementation must
implement in order to be able to call itself a SAML SP or IDP.

Those are all normative documents, and taken together constitute the SAML

> Thanks.  /Roger

Eric  Tiffany             |  eric@projectliberty.org
Interop Tech  Lead        |  +1 413-458-3743
Liberty Alliance          |  +1 413-627-1778 mobile
