[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [security-services] proposed change to POST profile: send Responseinstead of Assertion
If everyone else is convinced, I guess I am. *If* everyone else
convinced? Could an HTTP binding be made dead-simple enough to "happen" to
carry a SAML request or response? If so, why didn't we include it in SAML 1.0?
Eve
At 11:29 PM 1/29/02 -0800, RL 'Bob' Morgan wrote:
>On Tue, 29 Jan 2002, Eve L. Maler wrote:
>
> > I hate to ask about this, but: It seems to create a limited sort of
> > HTTP protocol binding for at least the back half of a SAML
> > request-response protocol exchange; do we need to cover this in the
> > bindings doc?
>
>Hmm, I don't see why. The reason to write a SAML HTTP(s) binding would be
>so that SAML-savvy software could send SAML Requests and Responses via
>HTTP(s). But this is just about an ordinary browser sending in a HTTP
>POST some data that happens to be a (signed) SAML Response. Two different
>animals (one of which remains theoretical, at least for now).
>
> - RL "Bob"
>
>
>
>----------------------------------------------------------------
>To subscribe or unsubscribe from this elist use the subscription
>manager: <http://lists.oasis-open.org/ob/adm.pl>
--
Eve Maler +1 781 442 3190
Sun Microsystems XML Technology Center eve.maler @ sun.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC