its still important to realize that SOAP-based systems of identity (SAML and WS-Federation) are still much more adept at maneuvering through high-risk transactions that take place onlineSAML does define a SOAP Binding as one mechanism for moving messages and assertions around. It also defines a number of other bindings that have nothing to do with SOAP.
I understand the mistake. SOAP is 'complex', SAML is 'complex', it just makes sense that they must be inextricably intertwined.
3 comments:
Yes, I have never had an issue using SAML with my HTTP connection management system and HTML rendering software. Oops, I mean Firefox.
You're right, Paul, SOAP is not required, but it's easy to see why Eric (and others) make that association. Most implementations of SAML V1.1 employ either Browser/Artifact or attribute query, both of which require SOAP. On the other hand, emerging implementations of SAML V2.0 seem to be focusing on Browser/POST, which does not require SOAP. It may be too late to undo the damage, however.
Could you in a future blog entry comment on WS-XACML and how it can help make user-centric identity better?
Post a Comment