
security-services message



Subject: RE: [security-services] SAML 2.0 tech overview - initial diagrams


hmmm ...

thinking about it more - not that simple.  Whilst it makes sense to remove
the SSO service to local ITS transfer in the SP initiated use case, the
problem comes with the way the section is structured.  If 4.1.3.5 removes
the SSOS->ITS transfer then in the IdP-initiated use case the ITS disappears
as well.  I'm not sure we want to do this.


John

> -----Original Message-----
> From: John Hughes [mailto:john.hughes@entegrity.com]
> Sent: 01 July 2004 10:39
> To: Scott Cantor
> Cc: 'oasis sstc'
> Subject: RE: [security-services] SAML 2.0 tech overview - initial
> diagrams
>
>
> Scott,
>
> I would recommend that 4.1.3.5 should be re-written to remove the SSO
> service to local ITS transfer - so that the SSO service issues the redirect
> directly to the user agent.   This simplifies the message interactions -
> benefiting performance and configurability.
>
> Whilst doing this I would also address my previous comment about the
> IDP-initiated flow of the text from line 331 to section 4.1.3.5 - plus have
> some additional words on the artifact binding.
>
>
> John
>
>
>
> > -----Original Message-----
> > From: Scott Cantor [mailto:cantor.2@osu.edu]
> > Sent: 30 June 2004 21:31
> > To: 'John Hughes'; 'oasis sstc'
> > Subject: RE: [security-services] SAML 2.0 tech overview - initial
> > diagrams
> >
> >
> > > that was also one of my queries in producing the diagrams - it wasn't
> > > clear (at least after a few readings) - whether Response/Artifacts
> > > should/could go via the IdP ITS.  Below implies that you believe the SSO
> > > service should send the response/artifact (via the appropriate binding)
> > > directly to the SP?  I must admit the SSO->ITS step seemed unnecessary.
> >
> > I'm not sure how we want to describe it. I guess in part I was just building
> > around what some of the pieces were in the original profile, but it may just
> > be harder to understand that way.
> >
> > Should I just remove that piece from the profile?
> >
> > -- Scott
> >
> >
> > To unsubscribe from this mailing list (and be removed from the
> > roster of the OASIS TC), go to
> > http://www.oasis-open.org/apps/org/workgroup/security-services/members/leave_workgroup.php.
>
>


