OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Bindings draft 04 uploaded

I uploaded a PDF and OO doc with change bars that just reflects some
revisions to the introduction and the SOAP binding to steer us toward a
revised binding that supports what we need it to support (namely arbitrary
SAML protocols and the use of things like WSS for those so inclined).

Depending on how strictly one reads the original binding, I felt a URI
change was warranted, but can discuss. The SOAP header stuff doesn't bug me
much, but the language was rather explicit about sending samlp:Request and
samlp:Response and I'm softening it to use more generic terms that we need
to agree on to use across the spec.

As far as WSS, I saw nothing in the original binding that would preclude it
except for the language about the responder not relying on SOAP headers and
some overly strong language in the HTTP section that says things like you
MUST use TLS for confidentiality, when I thought the intent was that as a
conformance issue you MUST support it, not that you MUST use it.

Comments welcome, meanwhile I'll be working on an HTTP/useragent binding for
sending messages on URLs or with forms (but prolly not specifying the URL
encoding mess yet). Artifact needs special attention and will save for

Oh, and there's SOAP 1.2 to deal with I guess...any takers?

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]