OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: ResponseLocation attribute

Title: ResponseLocation attribute

Hi. I just wanted to confirm the use of the ResponseLocation attribute in the metadata.

This attribute MUST not apply to artifact resolution, single signon, and name id mapping, but can apply to manage name id and single logout. The wording seems to suggest that it also only applies to the protocol response (as opposed to the request) as well.

I want to confirm that the purpose of this is NOT as an alternate location for failover/loadbalancing purposes -- which can be achieved via add'l service RoleDescriptors (unless of course there is an implied restriction, based on the example, that one can only define a single RoleDescriptor for a service per binding type)?

Rather the purpose of it is for it to ALWAYS be used instead of (i.e., in place of) the Location attribute when sending the response (when the attribute is present). Therefore for the supported protocols, you can have different urls for the request and response messages (Lcoation and ResponseLocation, respectively). The definition however, on lines 227-228, states that the ResponseLocation is a "secondary location" which seems to suggest you could try this for failover or in place of the Location attribute (seem not to be well defined).

Thanks, Tom.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]