OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] comments re sstc-saml-holder-of-key-browser-sso-draft-10

I didn't say that quite right.  Binding support must be two-way
(obviously), so what I'm trying to say is that both parties MUST
support HTTP Redirect and HTTP POST.  On the other hand, I would like
to say that HTTP Artifact is OPTIONAL.

The latter intentionally deviates from the SAML V2.0 conformance spec.
 I believe that support for HTTP Artifact is a quality that
distinguishes full conformance from "lite" conformance.  The latter is
what we should shoot for in this spec, or so I claim.



On Sun, Jan 11, 2009 at 11:22 AM, Tom Scavo <tscavo@ncsa.uiuc.edu> wrote:
> In the HoK Web Browser SSO Profile, what bindings MUST the IdP and the
> SP support for conformance purposes?  I would think that the SP MUST
> support HTTP Redirect while the IdP MUST support HTTP POST.  Does this
> sound reasonable?
> Tom

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]