[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Some tech overview comments
+1 I think we can do justice to ECP in the technical overview as well as other SAML profiles. I'm in the process of reviewing the technical overview and will see if I have any concrete suggestions. regards, Frederick Frederick Hirsch Nokia On Feb 14, 2008, at 10:32 AM, ext Scott Cantor wrote: >> While I think ECP is actually quite clever, is it not, actually, >> more often, in pre-existing devices/architectures, used like a >> prosthetic/remediation profile? And wouldn't -most- new clients >> be wise to study closely, and give initial favor to, the other >> profiles? Which gets to Brian's questions in: > > Well, no. The browser profile is the one to avoid, especially when > designing > new work. ECP, and its Liberty variants and profiles of plain SOAP > SSO are > the ones to use for most use cases. They address discovery and > support all > applications that can handle SAML assertions as an attachment. > > If anything we undersell ECP, but that's mainly because you need ID- > WSF to > maximize its usefulness. > >> 5.2 ECP Profile >> The browser SSO profile discussed above works with popular web >> browsers, fully-featured web libraries and tool kits, and many >> embedded implementations. This section, in contrast, describes >> a SAML V2.0 profile which fits when, to participate in SAML V2.0 >> use cases, a client deployment context requires assistance >> through proxy service, or requires enhancement. > > But this is simply wrong. It is for clients that have intelligence. > The > proxy/WAP angle is the one I find silly. I'm sure that matters to a > particular niche, but it's not appropriate for an overview. > > None of this is to disagree with Brian's points...I think there's a > place to > talk about ECP but not as a basic example of what's currently in > the spec > and in wide use. > > -- Scott > > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. You may a link to this group and all your TCs > in OASIS > at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]