Subject: RE: [security-services] Some tech overview comments
> While I think ECP is actually quite clever, is it not, actually,
> more often, in pre-existing devices/architectures, used like a
> prosthetic/remediation profile? And wouldn't -most- new clients
> be wise to study closely, and give initial favor to, the other
> profiles? Which gets to Brian's questions in:

Well, no. The browser profile is the one to avoid, especially when designing new work. ECP, and its Liberty variants and profiles of plain SOAP SSO are the ones to use for most use cases. They address discovery and support all applications that can handle SAML assertions as an attachment.

If anything we undersell ECP, but that's mainly because you need ID-WSF to maximize its usefulness.

> 5.2 ECP Profile
> The browser SSO profile discussed above works with popular web
> browsers, fully-featured web libraries and tool kits, and many
> embedded implementations. This section, in contrast, describes
> a SAML V2.0 profile which fits when, to participate in SAML V2.0
> use cases, a client deployment context requires assistance
> through proxy service, or requires enhancement.

But this is simply wrong. It is for clients that have intelligence. The proxy/WAP angle is the one I find silly. I'm sure that matters to a particular niche, but it's not appropriate for an overview.

None of this is to disagree with Brian's points...I think there's a place to talk about ECP but not as a basic example of what's currently in the spec and in wide use.

-- Scott