saml-dev message

Subject: Re: [saml-dev] SAML2 metadata for a SAML1 IdP

From: "Tom Scavo" <trscavo@gmail.com>
To: "Scott Cantor" <cantor.2@osu.edu>
Date: Sun, 1 Jul 2007 16:15:01 -0400

On 7/1/07, Scott Cantor <cantor.2@osu.edu> wrote:
> > Sorry, Scott, I'm not understanding you.  I'm talking about ordinary
> > SAML1 IdP-initiated Browser/POST.  What does IdP metadata look like in
> > this case?
>
> Whatever you want it to look like (that's what unspecified means), but I
> stand by the original statement. There is no such thing as "ordinary SAML1
> IdP-initiated Browser/POST". You can't get an IdP to respond using thought
> waves. Something from the client has to tell it to respond. That's an
> AuthnRequest, whatever the form.

So what I hear you saying is that a deployment's implementation of
Step 1 of the SAML1 browser profile determines the binding.  Okay,
that makes sense.

Let me ask a different question.  Does the use of
IDPSSODescriptor/SingleSignOnService imply adherence to the four steps
of the SAML1 browser profile?  In other words, is it wrong to use that
descriptor for some other profile?

Tom

Follow-Ups:
- RE: [saml-dev] SAML2 metadata for a SAML1 IdP
  - From: "Scott Cantor" <cantor.2@osu.edu>

References:
- SAML2 metadata for a SAML1 IdP
  - From: "Tom Scavo" <trscavo@gmail.com>
- Re: [saml-dev] SAML2 metadata for a SAML1 IdP
  - From: "Tom Scavo" <trscavo@gmail.com>