[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [Fwd: [security-services] Optionality of SP support of a SOAPinterface for IdP-initiated SLO]
ext Scott Cantor wrote: >>I just noticed that, in fact, we currently do not mandate SP-initiated >>SOAP-based SLO at the IdP either. Since the same issue arises, I would >>like to amend my previous proposal to make the following two >>changes to [1] >> >>* Mandate Single Logout (IdP-initiated) - SOAP support by SPs >>* Mandate Single Logout (SP-initiated) - SOAP support by IdPs >> >>Both of these changes affect the table at line 151 of [1] - each >>changing a cell from 'OPTIONAL' to 'MUST' >> >> > >Wouldn't you need it in both directions? > >* Mandate Single Logout (IdP-initiated) - SOAP support by IdPs >* Mandate Single Logout (SP-initiated) - SOAP support by SPs > >Otherwise you have support to consume SOAP logout at both ends, but no >requirement that the IdP can relay it, since it might not support it, and >its SPs might not support receiving it. > >I assume that's why all four are a MUST in ID-FF, not just 2 of them. > > > Yes, actually, you're right. That is actually what I meant. - JohnK
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]