OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [security-services] RE: [saml-dev] RE: Is a separate"ArtifactReceiver" required?

I am in maximal agreement with your position. The question is what should go
into SAML 1.1 vs SAML 2.0 vs Liberty Alliance.
The last is providing a "complete" framework for some of these issues. My
comments were meant to be scoped to SAML 1.1. 

- prateek

>>"Needs" is the key word here. It doesn't need to be anything more, but
>>in a real world implementation, one finds lots of reasons to 
>>want to do
>>Bob, is there a Web-ISO project document that discusses any 
>>in this area?
>>From my own experience, I can think of a few things:
>>- error/status information from the resource site
>>- customization hooks for the resource site
>>- optional feature control, such as bypassing single sign-on
>>- timestamp information for those willing to sync clocks helps detect
>>stale redirects (the "Back" button fix)
>>- ability to POST the redirect to allow session maintenance 
>>across form
>>POSTs (a critical issue that requires use of the POST profile to work)
>>None of that needs to be part of SAML, obviously, but I'd 
>>never deploy a
>>new SSO system that didn't at least plan to deal with things like that
>>at some point.
>>It's perhaps partly driven by the fact that "target first" is 
>>by far the
>>primary scenario at my organization.
>>-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC