OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: DAV issue with Redirect/Artifact bindings

I have some colleagues playing around with use of Redirect and Artifact
bindings combined with basic-auth to adapt some Web/CalDAV clients to allow
SSO via SAML, and they ran into an issue with the fact that the bindings
were written to strictly require GET, while most DAV clients tend to issue
OPTIONS and PROPFIND requests ahead of a GET if you redirect them from an

Strictly speaking, we would need new bindings to fix this, but given the
disruption of that kind of change, and proliferation in metadata, I'm
inclined to ask if we could consider a softer RECOMMENDATION or MAY added to
the existing bindings in an errata that acted like an implementation
guideline suggesting implementers consider allowing any idempotent method to
be used.

Either way, existing implementations that are strict about it wouldn't work
anyway, so adding a new binding vs. softening the practical implementation
of the current bindings doesn't change the delivery cycle much.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]