saml-dev message



Subject: Re: [saml-dev] AttributeQuery : why SOAP binding ?


Hi Valerie,

On Tue, Nov 4, 2008 at 8:02 AM,  <valerie.bauche@bull.net> wrote:
>
> In the SAML profile spec, I see an attributeQuery must be sent with a
> synchronous binding, such as the SOAP binding.
> Why?

That's a good question.  You're not the first to ask for a lightweight
SAML protocol binding.

> I have a case where it should be useful to use a POST or Redirect Binding:
> The user authenticates to the IDP with a smartcard. User attributes are in
> the smartcard, and we want the IDP to ask the user for permission to read
> the attributes in their smartcard and send them to the SP. So if we want the IDP
> to interact with the user, we need to send the attribute query with an
> asynchronous binding like POST or Redirect....

That's an interesting if not curious variation on SAML Web Browser
SSO.  By "attribute query" I assume you do NOT mean SAML
AttributeQuery since I can't imagine what a browser user might do with
one.

> Is my use case not compatible with the SAML2 spec?

The HTTP bindings in SAML are not general purpose HTTP bindings.  They
were written with SAML Web Browser SSO in mind.  If you want a
lightweight HTTP binding, you might want to look at OAuth.

> Valérie BAUCHE

Tom

