OASIS Mailing List Archives

saml-dev message



Subject: ECP clarifications


I'd like to get a couple of clarifications on the ECP protocol.

* What is the meaning of IsPassive in the context of ECP?

With the more familiar Web SSO profiles IsPassive is supposed to control whether the IdP can interact with the user agent. But with ECP there is no user agent for the IdP to engage with. In addition the IsPassive flag is set by the SP when initiating its request to the ECP client which implies it is the SP who is determining whether the authentication may be interactive or not. But with ECP it is not intended there is a request/response interchange between the IdP and the SP.

Therefore what is the SP provided IsPassive flag in the ECP request specifying?

Is the IsPassive flag in the SAML AuthnRequest to be interpreted independently of the ECP Request IsPassive flag and if so how and why?

* IsPassive and ProviderName redundant with <AuthnRequest>

When an SP needing authentication responds to an ECP client it includes an ECP Request element in the SOAP header and a SAML2 AuthnRequest in the SOAP body.

Both the ECP Request and the SAML AuthnRequest contain:

    IsPassive
    ProviderName

Is it intended the values be an exact copy between the ECP Request and the AuthnRequest?

Are they repeated in the ECP Request for the sole convenience of the ECP client such that it does not have to also parse the AuthnRequest to obtain them? Or are the values in the ECP Request entirely independent? If so why/how?

Thanks,

--
John
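
The message layout described above, as an added example that is not part of the original message: a Python sketch that reads IsPassive and ProviderName from both the ecp:Request header and the AuthnRequest body of a constructed SP response and reports whether they agree, normalizing xs:boolean forms before comparing. The sample envelope, its values, and the helper names `xs_bool` and `compare_ecp_flags` are assumptions; the code takes no position on whether the two sets of values are required to match.

```python
import xml.etree.ElementTree as ET

NS = {
    "S": "http://schemas.xmlsoap.org/soap/envelope/",
    "ecp": "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}

# Constructed sample of an SP's response to an ECP client (not from the message).
# IsPassive is xs:boolean, so "1" and "true" denote the same value.
SAMPLE = """<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <S:Header>
    <ecp:Request S:mustUnderstand="1"
        S:actor="http://schemas.xmlsoap.org/soap/actor/next"
        IsPassive="1" ProviderName="Example SP">
      <saml:Issuer>https://sp.example.org/saml</saml:Issuer>
    </ecp:Request>
  </S:Header>
  <S:Body>
    <samlp:AuthnRequest ID="_constructed1" Version="2.0"
        IssueInstant="2015-01-01T00:00:00Z"
        IsPassive="true" ProviderName="Example Service"/>
  </S:Body>
</S:Envelope>"""

def xs_bool(text):
    """Map xs:boolean lexical forms to bool; None when the attribute is absent."""
    if text is None:
        return None
    forms = {"true": True, "1": True, "false": False, "0": False}
    if text.strip() not in forms:
        raise ValueError(f"not an xs:boolean: {text!r}")
    return forms[text.strip()]

def compare_ecp_flags(envelope_xml):
    """Return {attr: (ecp:Request value, AuthnRequest value, equal?)}."""
    # The stdlib parser is acceptable for this inline sample; use a hardened
    # parser (e.g. defusedxml) for XML received over the network.
    root = ET.fromstring(envelope_xml)
    ecp_req = root.find("S:Header/ecp:Request", NS)
    authn = root.find("S:Body/samlp:AuthnRequest", NS)
    if ecp_req is None or authn is None:
        raise ValueError("expected ecp:Request header and AuthnRequest body")
    passive = (xs_bool(ecp_req.get("IsPassive")), xs_bool(authn.get("IsPassive")))
    name = (ecp_req.get("ProviderName"), authn.get("ProviderName"))
    return {"IsPassive": passive + (passive[0] == passive[1],),
            "ProviderName": name + (name[0] == name[1],)}
```

On the constructed sample, the two IsPassive attributes compare equal once normalized even though their text differs, while the two ProviderName strings differ.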

