[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [security-services] RE: [saml-dev] RE: Is a separate"ArtifactReceiver" required?
I am in maximal agreement with your position. The question is what should go into SAML 1.1 vs SAML 2.0 vs Liberty Alliance. The last is providing a "complete" framework for some of these issues. My comments were meant to be scoped to SAML 1.1. - prateek >> >>"Needs" is the key word here. It doesn't need to be anything more, but >>in a real world implementation, one finds lots of reasons to >>want to do >>more. >> >>Bob, is there a Web-ISO project document that discusses any >>requirements >>in this area? >> >>From my own experience, I can think of a few things: >> >>- error/status information from the resource site >>- customization hooks for the resource site >>- optional feature control, such as bypassing single sign-on >>- timestamp information for those willing to sync clocks helps detect >>stale redirects (the "Back" button fix) >>- ability to POST the redirect to allow session maintenance >>across form >>POSTs (a critical issue that requires use of the POST profile to work) >> >>None of that needs to be part of SAML, obviously, but I'd >>never deploy a >>new SSO system that didn't at least plan to deal with things like that >>at some point. >> >>It's perhaps partly driven by the fact that "target first" is >>by far the >>primary scenario at my organization. >> >>-- Scott >>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC