OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [saml-dev] RE: How to provide SAML assertions in RESTful services


> This is the problem... how do I explain how to my RESTful API would
> carry the URI? I was hoping that there was a common way to do this, like
> there is with WS-Security in the SOAP world.

Using a URI is a bigger problem than that because most IdPs wouldn't
remember the assertion for you to dereference.

If you're trying to bind either a URI or a token to every message, then
OAuth is clearly the answer, modulo that I don't agree with their security
choices, and would hope that it would be deemed inadequate for health care
use cases.

If you can live with session-based security vis cookies and/or (more
preferably) client TLS, then ECP works fine for that.

-- Scott





[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]