OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: ECP and Saml 2.0 persistent identifiers

Title: Message
Does anyone know (perhaps I missed it in the Saml 2 specs), do persistent ids just NOT apply to ECP clients/proxies?
Two things I saw that imply this:
1. At the SP, the initial response when requesting a resource is that is has to send an AuthnRequest message that is meant for an IDP. Why isn't the SP allowed to ask the ECP for a local login first (if that's possible).
Consider the case where the user is federating for the first time, the ECP needs to do a local login as well after the AuthnRequeest/Reponse happens.
2. There is no PAOS type of processing for MNI requests (but neither is there SLO requests). Perhaps in this case HTTP-Redirects work as usual (but it begs the question why HTTP Red AutnRequests and HTTP Artifact couldn't be used with ECP).
Thanks, Tom.

Thomas Wisniewski
Software Architect
Phone: (201) 891-0524
Cell: (201) 248-3668
Securing Digital Identities
& Information


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]