OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [saml-dev] RE: How to provide SAML assertions in RESTful services


We (Healthcare security geeks) agree. And part of the effort is to
identify the residual risks associated with RESTful vs SOAP solution. It
is only by exposing these explicitly that we will make progress. So, I
implore you to help me itemize the problems associated with taking a
well defined SOAP solution that leverages WS-Security and forcing a new
interface to be built that is RESTful.

John

> -----Original Message-----
> From: Scott Cantor [mailto:cantor.2@osu.edu]
> Sent: Saturday, June 26, 2010 12:56 PM
> To: Toby.Considine@gmail.com; saml-dev@lists.oasis-open.org
> Subject: RE: [saml-dev] RE: How to provide SAML assertions in RESTful
> services
> 
> > I am always fascinated by the assertions that SOAP is too complex
and
> all
> > you need is REST so you can have simple interactions--an observation
> which
> > remains unexamined as ever more brittle ziggurats are built atop
REST.
> There
> > are reasons to choose each. If you have to strain as hard as one
does on
> > this thread, perhaps you have chosen the wrong one.
> 
> I think they're both a complete disaster when it comes to security,
but I
> don't see any straining except to understand the use case. That tends
to
> be
> difficult in multi-tier scenarios.
> 
> -- Scott
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: saml-dev-unsubscribe@lists.oasis-open.org
> For additional commands, e-mail: saml-dev-help@lists.oasis-open.org



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]