security-services-comment message

Subject: Re: [security-services-comment] profiles and bindings.

Hello Kenny,

SAML bindings describe underlying mechanisms for how to transport SAML 
*protocol* (request/response) messages around.  Thus, the SOAP binding 
explains how to communicate with a SAML-authority-as-SOAP-web-service.

SAML profiles define templates for accomplishing some specific task 
using SAML *assertions*.  Now, in the course of following the template, 
you may sometimes be in the position of communicating with a SAML 
authority by sending it requests and getting responses, and so this 
means that, embedded within each profile, there may be some instances of 
protocol binding usage.  But sending an assertion by HTTP doesn't 
constitute a use of SAML's protocol.

I suppose each profile could be said to be a whole new protocol all by 
itself, but we didn't go there...  SAML profiles are a lot more 
complicated, and are on a different application level, than the basic 
SAML request/response protocol.

Clear as mud? :-)


Kenny Yarmosh wrote:
> Dear OASIS:
> I am a student and was recently doing some reading on SAML. I have read the
> documentation but ideas related to profiles and bindings still are not
> entirely clear to me. I understand that the binding is the means in which
> the request/response assertion is transported but it seems to me that the
> profile does somewhat the same thing. As defined, the profile states how a
> SAML assertion is inserted or extracted from a message or protocol (that
> makes sense). My confusion comes, however, because it seems in the case of
> the SSO profile (through a Web browser) that first of all we are not using
> the SOAP binding and that this actually defines another means for an
> assertion to be transported (which would seem to indicate an additional
> binding via solely HTTP). Any info would be greatly appreciated.
> Sincerely,
> Kenny Yarmosh

Eve Maler                                        +1 781 442 3190
Sun Microsystems                            cell +1 781 354 9441
Web Technologies and Standards               eve.maler @ sun.com
