[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] AttributeQuery : why SOAP binding ?
Hi Valerie, On Tue, Nov 4, 2008 at 8:02 AM, <valerie.bauche@bull.net> wrote: > > In the SAML profile spec, I see an attributeQuery must be sent with a > synchronous binding, such as the SOAP binding. > Why ? That's a good question. You're not the first to ask for a lightweight SAML protocol binding. > I have a case where it should be useful to use a POST or Redirect Binding : > The user authenticate to the IDP with a smartcard. User attributes are in > the smartcard, and we want the IDP to ask the user the permission to read > the attributes in its smartcard and send it to the SP. So if we want the IDP > to interact with the user, we need to send the attribute query with an > asynchronous binding like POST or Redirect.... That's an interesting if not curious variation on SAML Web Browser SSO. By "attribute query" I assume you do NOT mean SAML AttributeQuery since I can't imagine what a browser user might do with one. > Is my use case not compatible with SAML2 spec ? The HTTP bindings in SAML are not general purpose HTTP bindings. They were written with SAML Web Browser SSO in mind. If you want a lightweight HTTP binding, you might want to look at OAuth. > Valérie BAUCHE Tom
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]