Subject: RE: [saml-dev] preserving query parameters in AssertionConsumerServiceURL
>> I am a bit confused from your answer because my question was about the
>> SAML 2.0 standard and not about any concrete implementation or personal
>> preference. Could you or anybody else in the mailing list give a short
>> real life example when AssertionConsumerServiceURL and when
>> AssertionConsumerServiceIndex should be used?

Either you want to know what the standard says, or you want real life input. Which would you prefer? Real life input involves the person answering using their personal opinion and experience with implementations to answer your question, which is what I did.

I don't much like indexes and they have a variety of drawbacks, the lone exception being they save space. If that's not important, I see no reason to use them at all and suggest that people don't. But that's a personal opinion.

As far as the standard is concerned, I agree with Tom that while there are some edge cases worth discussing, such as the query string issue, the explicit processing rules associated with using indexes vs. ACSURL + ProtocolBinding attributes are fairly clear. You can either send the location by reference or value. Pretty typical stuff. If something there is unclear, I'll answer further.

> Second, the only time it
> seems to make sense to use one of these attributes is when the request
> is signed (which has already been pointed out, I think).

I'm not sure why that would be the conclusion. What signing does, as was pointed out, is give you a plausible reason to ignore the metadata checking of the location. Absent a signature, you have to perform some kind of check, or simply not worry about who the data's going to, use encryption, or whatever. But the ability to specify the location, using either method, is still useful without signing. You may not even have metadata for the SP, as in a case with the user handling consent. Or the SP may want to specify the outbound binding for various reasons.

-- Scott
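
The following is an added illustration, not part of the original message and not taken from any SAML implementation: a sketch of how an identity provider might resolve the response location by reference (index) or by value (URL plus ProtocolBinding), checking the location against metadata unless the request signature was verified. The function name `resolve_acs`, the `sp.example.org` endpoints and the exact-string comparison policy are assumptions.

```python
from dataclasses import dataclass

POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ARTIFACT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"

@dataclass(frozen=True)
class Endpoint:
    index: int
    binding: str
    location: str
    is_default: bool = False

# Constructed SP metadata (hypothetical host), not taken from the thread.
SP_ENDPOINTS = [
    Endpoint(0, POST, "https://sp.example.org/saml/acs", is_default=True),
    Endpoint(1, ARTIFACT, "https://sp.example.org/saml/artifact"),
]

def resolve_acs(endpoints, index=None, url=None, binding=None, signed=False):
    """Pick (binding, location) for the response to one AuthnRequest.

    `signed` means the caller has already verified the request signature.
    """
    if index is not None and (url is not None or binding is not None):
        # SAML core: the index is mutually exclusive with URL and ProtocolBinding.
        raise ValueError("index cannot be combined with URL or ProtocolBinding")
    if index is not None:
        # By reference: the location comes from metadata only.
        for ep in endpoints:
            if ep.index == index:
                return ep.binding, ep.location
        raise ValueError(f"no endpoint with index {index}")
    if url is None:
        # Nothing by value: default endpoint first, honouring a requested binding.
        for ep in sorted(endpoints, key=lambda e: not e.is_default):
            if binding in (None, ep.binding):
                return ep.binding, ep.location
        raise ValueError("no usable endpoint in metadata")
    # By value: exact string match against metadata (assumed comparison policy).
    for ep in endpoints:
        if ep.location == url and binding in (None, ep.binding):
            return ep.binding, ep.location
    if signed and binding is not None:
        # Policy choice: a verified signature stands in for the metadata check.
        return binding, url
    raise ValueError("unregistered AssertionConsumerServiceURL in unsigned request")
```

With exact matching, a by-value URL that carries an extra query string does not match the registered location, so it is accepted only on the signed path.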