OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] SAML 2.0 Technical Overview uploaded

> Additionally, only 8 (not 6 as suggested) of the 12 possible permutations
> are described. We should discuss why the other 4 (those that would have
> the response sent using the redirect binding) are not presented.

And the reason is basically just that we really want the SAML assertion to
be signed when it's delivered by value (rather than a signature over the
whole response only), and an XML signature is too big to DEFLATE and fit on
a URL.

The other protocols can mostly deliver a signed protocol message using the
URL-based signature trick in the Redirect binding, so they can use that
binding more easily on both legs.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]