A quick note on that SAML-LowLow profile. Of course it is for purposes of example only, tho' I've tried to make it as true to something that could (maybe during an epidemic of bird flu on the SSTC) be realized.
It's really an exercise using assumptions parallel to the ID ... which may turn out to be insufficient in-and-of themselves.

The simplifications of the WebSSO HTTPPost are:

* The types of nameids (in all cases) are assumed to be fixed
* SubjectConfirmation is omitted (so sender-vouches as far as SAML, but for the ID's cases the effect is more bearer, plus no time limits, etc)
* Conditions is omitted (so audience assumed)
* Other services and features are ignored: Endpoints and checking of counter-party by authority and relying party are assumed at, essentially, none. Assumes no SLO support for session, no Metadata support, etc.

I think that's it.

--Nick
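
An added example (not part of the original message): it lists which relying-party checks have no data to work from when an assertion omits SubjectConfirmation and Conditions, as in the simplifications listed above. The SAML 2.0 namespace, the check names and both sample assertions are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: SAML 2.0 assertion namespace (the message names no version).
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
HEAD = ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'ID="_constructed" Version="2.0" IssueInstant="2006-01-01T00:00:00Z">'
        '<saml:Issuer>https://idp.example.org</saml:Issuer>')

# Constructed sample shaped like the simplified profile: NameID only.
LOWLOW = HEAD + """<saml:Subject><saml:NameID>user@example.org</saml:NameID>
</saml:Subject></saml:Assertion>"""

# Constructed sample with SubjectConfirmation and Conditions present.
FULL = HEAD + """<saml:Subject><saml:NameID>user@example.org</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData Recipient="https://sp.example.org/acs"
    NotOnOrAfter="2006-01-01T00:05:00Z"/></saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2006-01-01T00:00:00Z"
    NotOnOrAfter="2006-01-01T00:05:00Z"><saml:AudienceRestriction>
<saml:Audience>https://sp.example.org</saml:Audience>
</saml:AudienceRestriction></saml:Conditions></saml:Assertion>"""


def unenforceable_checks(assertion_xml):
    """List relying-party checks the assertion carries no data for."""
    a = ET.fromstring(assertion_xml)
    conf = a.find("saml:Subject/saml:SubjectConfirmation", NS)
    data = None if conf is None else conf.find("saml:SubjectConfirmationData", NS)
    cond = a.find("saml:Conditions", NS)
    gaps = []
    if conf is None or not conf.get("Method"):
        gaps.append("confirmation-method")   # confirmation method not stated
    if data is None or not data.get("Recipient"):
        gaps.append("recipient")             # cannot tie to this endpoint
    if data is None or not data.get("NotOnOrAfter"):
        gaps.append("confirmation-expiry")   # no time limit on presentation
    if cond is None or not cond.get("NotOnOrAfter"):
        gaps.append("validity-window")       # assertion carries no expiry
    if cond is None or cond.find("saml:AudienceRestriction/saml:Audience", NS) is None:
        gaps.append("audience")              # audience must be assumed
    return gaps


if __name__ == "__main__":
    for name, doc in (("LowLow-style", LOWLOW), ("full", FULL)):
        print(name, unenforceable_checks(doc))
```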
