[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [saml-dev] Is a separate "ArtifactReceiver" required?
> Those who were involved at the Burton Catalyst Interop in > July remember that we (Sigaba) required the source site to > pass the TARGET parameter back to the destination site. We > basically negotiated this with each of the other Interop > vendors. This was part of an unofficial "meta-data" > negotiation between all Interop vendors. Doesn't the profile as currently written say that you MUST pass it? Why would you have had to be explicit about it? I thought that was the issue SAP had with the profile. > The fact that the resulting URL is not bookmark-able is not > necessarily important here. What is important is that the > destination site needs the TARGET parameter to do its job. My point is that the advantage of omitting a parameter like that is to simplify or shorten the URL. The latter might be important, but the former is entirely irrelevant in this case, so that eliminates one reason to bother, IMHO. > P.S. I have proposed that we add this meta-data to the > Metadata for SAML 1.0 Web Browser Profiles. Prateek and Jeff > are the authors of this document. I think in general the question of the initial flow from the resource side back to the source site (in either the artifact or POST case) is important ground for SAML, as it was in Shib and Liberty. It's more than just metadata on the side. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC