OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [security-services] SSTC Concall, July 31, 2007 Draft Minutes


On 7/31/07, Frederick Hirsch <frederick.hirsch@nokia.com> wrote:
>
> 2.1 News: E-Authentication now supports SAML V2.0
> http://lists.oasis-open.org/archives/security-services/200707/
> msg00027.html
> Formerly supported SAML 1.0 now supports SAML 2.0

Correction: E-Authn supports SAML V1.1 Browser/Artifact and now
supports SAML V2.0 Web Browser SSO with HTTP POST Binding.  SAML V1.1
Browser/Artifact is deprecated (i.e., will be phased out).

[Begin Comment]

It is interesting to note the justification for switching from HTTP
Artifact to HTTP POST:

[Begin Quote]

Advantages of [POST] binding include:
- Simple to implement (e.g. no firewall reconfigurations required, no
mutual TLS);
- More scalable because HTTP POST is stateless (i.e., Having no
information about what
occurred previously) and requires fewer hardware resources; and
- Faster and less expensive to deploy than SAML Artifact based binding

[End Quote]

[End Comment]

Tom


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]