OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [saml-dev] multiple SingleLogoutService elements with identical Binding

On 10/7/13 9:43 AM, "Tom Scavo" <trscavo@gmail.com> wrote:

>On Mon, Oct 7, 2013 at 9:40 AM, Cantor, Scott <cantor.2@osu.edu> wrote:
>> Logout, like a lot of the spec, was geared to the federation gateway use
>> case and not the "resource-adjacent" approach that Shibboleth uses to
>> unify enterprise and federated SSO.
>Scott, can you explain what you mean by "resource-adjacent"?

SAML endpoints with vhosts that match those of actual resources, and by
extension needing endpoints for every vhost on which one hosts resources.

The "scaling" issues with this in terms of endpoint proliferation arise
because of the goal of supporting the protocol natively without
supplementing it with a proprietary SSO protocol between a federation
gateway and the actual SSO agent. In Shibboleth the "agent" speaks SAML,
unlike virtually all other enterprise-class solutions.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]