OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: [security-services] proposed change to POST profile: send Responseinstead of Assertion

If everyone else is convinced, I guess I am.  *If* everyone else 
convinced?  Could an HTTP binding be made dead-simple enough to "happen" to 
carry a SAML request or response?  If so, why didn't we include it in SAML 1.0?


At 11:29 PM 1/29/02 -0800, RL 'Bob' Morgan wrote:

>On Tue, 29 Jan 2002, Eve L. Maler wrote:
> > I hate to ask about this, but: It seems to create a limited sort of
> > HTTP protocol binding for at least the back half of a SAML
> > request-response protocol exchange; do we need to cover this in the
> > bindings doc?
>Hmm, I don't see why.  The reason to write a SAML HTTP(s) binding would be
>so that SAML-savvy software could send SAML Requests and Responses via
>HTTP(s).  But this is just about an ordinary browser sending in a HTTP
>POST some data that happens to be a (signed) SAML Response.  Two different
>animals (one of which remains theoretical, at least for now).
>  - RL "Bob"
>To subscribe or unsubscribe from this elist use the subscription
>manager: <http://lists.oasis-open.org/ob/adm.pl>

Eve Maler                                    +1 781 442 3190
Sun Microsystems XML Technology Center   eve.maler @ sun.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC