OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [security-services] Web Post Profile and Conformance

Title: RE: [security-services] Web Post Profile and Conformance

> In the bindings document, the Browser Profiles (lines
> 377-732) the term SSO
> Assertion is used repeatedly. This is an undefined term as
> far as I know. Is
> it supposed to be Authentication Assertion? Apparently,
> that's what the
> Conformance folks think, as reflected in the table on line 166 in the
> conformance document.
> [Prateek Mishra]
> 374-376 of bindings-09 define SSO assertion using the following text:
> In the discussion of the web browser SSO profiles, the term
> SSO assertion
> will be used to refer
> to an assertion that has a <saml:Conditions> element with
> NotBefore and
> NotOnOrAfter 375
> attributes present and that contains one or more
> authentication statements.
> 376

Can this definition be made more prominent in some way? Should it go into the Glossary?

> 4.  Given this, I don't see why implementation of the SOAP binding is
> mandatory, if only this Profile is supported.
> [Prateek Mishra] Binding and Profile are distinct entities.

Sorry, I was unclear. This is what I meant.

As I understand it, the artifact profile requires you to fetch the assertions somehow. The only defined way to do this is the SOAP binding. Therefore you will have to do the SOAP profile.

If you are doing something not specified by any profile, it probably also make sense to to use the SOAP binding to fetch assertions.

However, if you are only doing the POST profile, you have no motive to do the SOAP binding, because you don't need it to fetch assertions, since they come via the Browser. In this case, implementing the SOAP binding is just extra work done in order to comply with the mandatory conformance requirement.

If everybody is always going to do both Browser profiles, this is a non-issue.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC