OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Use Cases

Anthony Nadalin wrote on 12/1/2003, 8:21 PM:
 > > Of course, if we were to do that, we would have to have protocols
 > > to enable it on the back channel (a SOAP interface accessed
 > > directly by the SP) and on the front >channel (a redirect of
 > > the user's browser from the SP to the IdP).  The front channel
 > > is needed for IdPs that store session information on the user's
 > > browser.
 > This should not be forced to be a back channel ( a SOAP interface
 > accessed directly by the SP)

Agreed.  That was the point I was making.

 > as there are requirements to have other requestor types than
 > a browser.

However, this I don't understand.  The front channel (via an HTTP 
Redirect) would only be available when there was a browser around.

Are you saying that the SSTC should profile client protocols other than 
HTTP?  Or that the non-browser client would still utilize an HTTP 

Also, in my mind, the nead for the front channel interfaces have 
revolved around two scenarios:  a) client side state that the receiverr 
needs in order to be able to process the request, and b) enabling early 
implementations by SPs that don't want to deal with SOAP.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]