OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Authentication Response IssuerName vs. Assertion IssuerName

> I guess that's reasonable. Is there strong objection to 
> making it mandatory in the SSO Response? 


> As an implementer, not having it there really stinks since 
> you cannot handle the protocol layer the same way (or without 
> digging down into the Assertion :-(

I would agree (and I am one), and would personally prefer that it be
mandatory. I'll let others decide, I just didn't want the original intent to
go unmentioned.

Proper layering was for me the primary goal in SAML 2, so given the choice,
I'm pretty universally in favor of cleaner boundaries even when it means
bigger messages.

I think binary encodings are the proper solution to space concerns.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]