OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Bindings Committee Recommendation: SAML HTTP Binding should be mandatory-to-implement


At the last bindings con-call the following question was debated:

Which SAML binding should be mandatory-to-implement?

(a) HTTP
(b) SOAP over HTTP with no intermediaries

The general consensus in the bindings commitee appeared to lie
with (a) though some dissent was also expressed (Darren P.).

I would request the chairs that the TC take a formal position on 
this issue perhaps thru a vote on October 9.

In thinking about this issue, please note that we are NOT referring
to the SOAP profile which would continue to be developed within 

The argument for (a) include the following:

(i) SOAP 1.1 IPR is encumbered

(ii) The results of the XMLP effort (SOAP 1.2) may look quite
different from SOAP 1.1 (XMLP will be ready in Q1/02)

(iii) other than marketing issues, we do not gain much by utilizing
SOAP at this point

(iv) "raw" HTTP provides a firmer foundation for our work; notice
that a mandatory-to-implement binding is an additional layer in
the SAML protocol stack.

Arguments for (b) include:

(i) SOAP provides a reasonable packaging structure, at least in
the case of SOAP over HTTP

(ii) SOAP offers a message-level error processing model

(iii) The two alternatives are essentially the same but choosing
SOAP over HTTP offers SAML, better marketing buzz.

(iv) There may be patents lurking for any generic XML messaging
framework; even if we choose (a) we may find that patents apply.

Further discussion may be found in:


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC