OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: DAV issue with Redirect/Artifact bindings

Getting weasely, the language in Bindings is actually rather loose. It
doesn't use MUST explicitly, it uses phrasing like "the message is
transmitted using the HTTP GET method" and "the user agent delivers the SAML
request by issuing an HTTP GET request".

So, pretty much exactly what I suggested might be useful at the end of the
call, it focuses on the client, not the server, and treats GET more like an
assumption than a rule.

I think it's a perfectly ok change to add text that says "implementations
MAY support other idempotent HTTP methods to maximize interoperability with
non-browser clients".

Even a SHOULD wouldn't be impossible, although I think MAY is good enough.

Point being, it reads just fine that way without even seeming to be in
conflict, unlike if the spec said "HTTP requests conforming to this binding
MUST use the GET method".

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]