28 messages in org.oasis-open.lists.security-servicesRE: [security-services] Use Cases| From | Sent On | Attachments |
|---|---|---|
| Beach, Michael C | Oct 23, 2003 12:49 pm |  .bin, .doc |
| John Kemp | Nov 24, 2003 1:58 pm | |
| Beach, Michael C | Nov 25, 2003 11:24 am | |
| Greg Whitehead | Nov 25, 2003 11:50 am | |
| Beach, Michael C | Nov 25, 2003 12:24 pm | |
| Greg Whitehead | Nov 25, 2003 12:32 pm | |
| John Kemp | Nov 26, 2003 6:20 am | |
| Scott Cantor | Nov 26, 2003 8:22 am | |
| John Kemp | Nov 27, 2003 7:49 am | |
| Scott Cantor | Nov 28, 2003 9:30 pm | |
| Conor P. Cahill | Nov 29, 2003 2:14 am | |
| Conor P. Cahill | Nov 29, 2003 2:25 am | |
| Conor P. Cahill | Nov 29, 2003 2:27 am | |
| John Kemp | Nov 29, 2003 5:54 am | |
| Conor P. Cahill | Nov 29, 2003 11:35 am | |
| Beach, Michael C | Nov 29, 2003 11:37 am | |
| John Kemp | Nov 29, 2003 11:52 am | |
| Beach, Michael C | Nov 29, 2003 11:59 am | |
| Beach, Michael C | Nov 29, 2003 12:03 pm | |
| Conor P. Cahill | Nov 29, 2003 1:46 pm | |
| Conor P. Cahill | Nov 29, 2003 2:59 pm | |
| Anthony Nadalin | Nov 30, 2003 5:23 pm | |
| Conor P. Cahill | Nov 30, 2003 7:18 pm | |
| Conor P. Cahill | Dec 1, 2003 4:16 am | |
| Anthony Nadalin | Dec 1, 2003 9:31 pm | |
| Conor P. Cahill | Dec 2, 2003 4:38 am | |
| Anthony Nadalin | Dec 3, 2003 4:36 am | |
| Conor P. Cahill | Dec 3, 2003 4:54 am |
| Subject: | RE: [security-services] Use Cases | |
|---|---|---|
| From: | Conor P. Cahill (conc...@aol.com) | |
| Date: | Dec 2, 2003 4:38:51 am | |
| List: | org.oasis-open.lists.security-services | |
Anthony Nadalin wrote on 12/1/2003, 8:21 PM:
Of course, if we were to do that, we would have to have protocols to enable it on the back channel (a SOAP interface accessed directly by the SP) and on the front >channel (a redirect of the user's browser from the SP to the IdP). The front channel is needed for IdPs that store session information on the user's browser.
This should not be forced to be a back channel ( a SOAP interface accessed directly by the SP)
Agreed. That was the point I was making.
as there are requirements to have other requestor types than a browser.
However, this I don't understand. The front channel (via an HTTP Redirect) would only be available when there was a browser around.
Are you saying that the SSTC should profile client protocols other than HTTP? Or that the non-browser client would still utilize an HTTP interface?
Also, in my mind, the nead for the front channel interfaces have revolved around two scenarios: a) client side state that the receiverr needs in order to be able to process the request, and b) enabling early implementations by SPs that don't want to deal with SOAP.
Conor