[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [Fwd: [security-services] Optionality of SP support of a SOAP interface for IdP-initiated SLO]
Summarizing the proposal for change to conformance-2.0-draft-05-diff: Operational Mode: IdP Single Logout (IdP-initiated) - SOAP ---- From OPTIONAL to MUST Single Logout (SP-initiated) - SOAP ----- From OPTIONAL to MUST Operational Mode: SP Single Logout (IdP-initiated) - SOAP ---- From OPTIONAL to MUST Single Logout (SP-initiated) - SOAP ----- From OPTIONAL to MUST - prateek -----Original Message----- From: Scott Cantor [mailto:cantor.2@osu.edu] Sent: Tuesday, August 17, 2004 11:42 AM To: 'John Kemp'; 'SAML' Subject: RE: [Fwd: [security-services] Optionality of SP support of a SOAP interface for IdP-initiated SLO] > I just noticed that, in fact, we currently do not mandate SP-initiated > SOAP-based SLO at the IdP either. Since the same issue arises, I would > like to amend my previous proposal to make the following two > changes to [1] > > * Mandate Single Logout (IdP-initiated) - SOAP support by SPs > * Mandate Single Logout (SP-initiated) - SOAP support by IdPs > > Both of these changes affect the table at line 151 of [1] - each > changing a cell from 'OPTIONAL' to 'MUST' Wouldn't you need it in both directions? * Mandate Single Logout (IdP-initiated) - SOAP support by IdPs * Mandate Single Logout (SP-initiated) - SOAP support by SPs Otherwise you have support to consume SOAP logout at both ends, but no requirement that the IdP can relay it, since it might not support it, and its SPs might not support receiving it. I assume that's why all four are a MUST in ID-FF, not just 2 of them. -- Scott To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/security-services/members/leave _workgroup.php.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]