
security-services message


Subject: RE: [security-services] ECP

> One other question on the ECP's initial request -- the ECP 
> does require that the response (first response) back from the 
> SP to be the Saml AuthnRequest using PAOS. Is that correct? 

Hmmm, I'd think that the point is to eventually initiate the profile, but
until you do, you're just "doing stuff with the client".

> I.e., the SP cannot do any additional interactions that the 
> ECP would be able to handle (e.g., an HTTP 302 redirection 
> from the resource protecting filter to a saml requester 
> service) where the eventual response would be the Saml 
> AuthnRequest using PAOS?

I can't see how that would be illegal, given that the client really isn't
"doing the profile" until it gets back the PAOS envelope. As long as the
HTTP request that results in the PAOS response contains the headers that
indicate the client is prepared to do the profile...

Anyway, that's how I would read it, dunno about anyone else. I did a lot of
work on the exact headers flowing around, but the profile by and large is
just work done by the original author who mapped the ID-FF profile to PAOS,
so I'm not exactly the "bible" on this.

-- Scott
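
The reading given in this message, as an added example that is not part of the original post or of any SAML implementation: intermediate responses such as a 302 are ignored, and only the request that actually produced the PAOS response has to carry the ECP headers. The header values come from the published SAML 2.0 ECP profile and the Liberty PAOS binding; the function names, the simplified PAOS header parser and the sample exchanges are assumptions made for illustration.

```python
import re

# Values defined by the published SAML 2.0 ECP profile and Liberty PAOS binding.
PAOS_MEDIA_TYPE = "application/vnd.paos+xml"
PAOS_VERSION = "urn:liberty:paos:2003-08"
ECP_SERVICE = "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"


def media_type(value):
    """Strip parameters such as ;q=0.9 or ;charset=utf-8 from a media type."""
    return value.split(";")[0].strip().lower()


def parse_paos(value):
    """Simplified PAOS header parser (assumption): returns (versions, services)."""
    versions, services = [], []
    for seg in (s.strip() for s in value.split(";")):
        quoted = re.findall(r'"([^"]*)"', seg)
        if re.match(r"ver\s*=", seg):
            versions += quoted            # ver="v1","v2"
        elif seg.startswith('"') and quoted:
            services.append(quoted[0])    # "service","option",...
    return versions, services


def advertises_ecp(headers):
    """True if the request says the client can do PAOS and the ECP service."""
    h = {k.lower(): v for k, v in headers.items()}
    accepts = [media_type(a) for a in h.get("accept", "").split(",")]
    versions, services = parse_paos(h.get("paos", ""))
    return (PAOS_MEDIA_TYPE in accepts and PAOS_VERSION in versions
            and ECP_SERVICE in services)


def paos_response_acceptable(hops):
    """hops: (request_headers, status, response_content_type) per HTTP exchange."""
    for req_headers, _status, content_type in hops:
        if media_type(content_type) == PAOS_MEDIA_TYPE:
            return advertises_ecp(req_headers)
    return False  # no PAOS envelope came back, so the profile never started


# Constructed sample exchanges (not taken from the thread).
ECP = {"Accept": "text/html, application/vnd.paos+xml",
       "PAOS": f'ver="{PAOS_VERSION}";"{ECP_SERVICE}"'}
OK_CHAIN = [(ECP, 302, "text/html"), (ECP, 200, PAOS_MEDIA_TYPE)]
DROPPED = [(ECP, 302, "text/html"), ({"Accept": "text/html"}, 200, PAOS_MEDIA_TYPE)]
```

`OK_CHAIN` models the redirect-then-PAOS case asked about in the quoted question; `DROPPED` models a client that followed the redirect without resending the headers, which an SP should not answer with a PAOS envelope.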
