[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [Action - Prateek]: Should the Bindings Group select either the HTTP or SOAP protocol bindings?
Prateek, I assume question #1 is (1) Do we require BOTH a HTTP binding and a *SOAP* binding in SAML 1.0? Here are my observations: IMHO, a SAML implementation without a binding is pretty much useless in terms of interoperability. The next point is that SAML is the *ONLY* vehicle which can address web services security comprehensively. (Pl correct me if I am wrong on this). Given that SOAP is the defacto for web services (at least in the near term) SOAP binding is very important for adoption. With regards to HTTP, again, SAML offers a lot of features missing in the current world. So, IMHO, HTTP and SOAP binding should be mandatory for SAML. This makes SAML interoperable and able to work with the two popular "protocols". I think the SOAP binding would be more flexible and rich in features than HTTP binding. If we decide to do only one binding, I would vote for SOAP binding. cheers |-----Original Message----- |From: Mishra, Prateek [mailto:pmishra@netegrity.com] |Sent: Monday, October 01, 2001 9:23 AM |To: 'security-services@lists.oasis-open.org'; |'security-bindings@lists.oasis-open.org' |Subject: [Action - Prateek]: Should the Bindings Group select either the |H TTP or SOAP protocol bindings? | | |Colleagues, | |One part of the discussions at f2f#4 concerned the following: | |(1) Do we require BOTH a HTTP binding and a SAML binding in SAML 1.0? |RESPOND: Yes/No | |(2a) If yes, which binding is going to be Mandatory-to-Implement? |RESPOND: HTTP/SOAP 1.1 | |(2b) If no, which binding is of interest to you? |RESPOND: HTTP/SOAP 1.1/another proposal | |___________________ |My votes: | |(1) No |(2b) SOAP 1.1 with some sanity restrictions concerning the use of |intermediates |(see related message). |SOAP/HTTP would be called out in full detail and would be |mandatory-to-implement. | |------------------------------ |I think there is a lot of merit in restricting SAML 1.0 to a |single binding. |We are all working with a common "internet architecture" and i dont see |the type of divergence out there that would require two distinct bindings |proposals. |The (fundamentals parts of) SOAP messaging architecture seem to be |well-accepted |and widely implemented. | |Also, a single binding, designed and debugged with care is more valuable |that two bindings which havent been shaken out fully. Basically, |doing the |right job for two bindings is going to take more time and I would like |some compelling reasons that we really need the two. | |Notice also, that folks who need additional |bindings can go ahead and develop and register them (where? We need to |work on closing this item). | |- prateek | | |---------------------------------------------------------------- |To subscribe or unsubscribe from this elist use the subscription |manager: <http://lists.oasis-open.org/ob/adm.pl> |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC