security-services message

Subject: RE: [security-services] Rob's errata: Conf 2a

From: Thomas Wisniewski <Thomas.Wisniewski@entrust.com>
To: Scott Cantor <cantor.2@osu.edu>, 'Brian Campbell' <bcampbell@pingidentity.com>, "'Robert Philpott (RSA)'" <rphilpott@rsasecurity.com>, 'SAML' <security-services@lists.oasis-open.org>
Date: Tue, 13 Sep 2005 12:05:13 -0400

Title: RE: [security-services] Rob's errata: Conf 2a

Scott, where does the text suggest that both methods are required for 'transmitting' SAMLart?

Tom.

> -----Original Message-----
> From: Scott Cantor [mailto:cantor.2@osu.edu]
> Sent: Tuesday, September 13, 2005 12:02 PM
> To: 'Brian Campbell'; 'Robert Philpott (RSA)'; 'SAML'
> Subject: RE: [security-services] Rob's errata: Conf 2a
>
>
> > So, to be conformant, is an implementation required to send/produce
> > artifacts via both POST and GET? Or just to accept them via either
> > method?
>
> Both. The binding is not specific to POST or GET, it requires
> both as a
> method to transmit or receive an artifact. This was copied from ID-FF,
> although nobody seemed to know that it was there. The purpose
> is to allow
> GET vs. POST to be decided as a deployment issue independent of the
> deployment decision of whether to use artifact or not. The only reason
> Redirect and POST are separate bindings is that they're such different
> encodings.
>
> -- Scott
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail. You may a link to this group and all
> your TCs in OASIS
> at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgr
> oups.php
>

Follow-Ups:
- RE: [security-services] Rob's errata: Conf 2a
  - From: "Scott Cantor" <cantor.2@osu.edu>