[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [security-services] proposed change to POST profile: send Responseinstead of Assertion
If everyone else is convinced, I guess I am. *If* everyone else convinced? Could an HTTP binding be made dead-simple enough to "happen" to carry a SAML request or response? If so, why didn't we include it in SAML 1.0? Eve At 11:29 PM 1/29/02 -0800, RL 'Bob' Morgan wrote: >On Tue, 29 Jan 2002, Eve L. Maler wrote: > > > I hate to ask about this, but: It seems to create a limited sort of > > HTTP protocol binding for at least the back half of a SAML > > request-response protocol exchange; do we need to cover this in the > > bindings doc? > >Hmm, I don't see why. The reason to write a SAML HTTP(s) binding would be >so that SAML-savvy software could send SAML Requests and Responses via >HTTP(s). But this is just about an ordinary browser sending in a HTTP >POST some data that happens to be a (signed) SAML Response. Two different >animals (one of which remains theoretical, at least for now). > > - RL "Bob" > > > >---------------------------------------------------------------- >To subscribe or unsubscribe from this elist use the subscription >manager: <http://lists.oasis-open.org/ob/adm.pl> -- Eve Maler +1 781 442 3190 Sun Microsystems XML Technology Center eve.maler @ sun.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC