On 5/26/10 5:55 PM, Scott Cantor wrote:
>> right, but that than comes at the expense of more complex SASL
>> interaction, i.e. you are going to send the AuthenticationStatement as a
>> response to the AuthentionRequest challenge over SASL, right?
>
> It's a SAML Response (the statement is well buried), but why is that more
> complex than an empty response, running a web server to handle a SSO
> response, and then making a callback?
>
> I think it's a much simpler flow. Request, Response.
>
> I'm coming at this with probably insufficient SASL knowledge, though I'm
> trying to rectify that. Maybe I'm missing something.
No sorry, what I meant to say is that at the client it is easier to do
"please open a browser with the following url" as opposed to "here is a
saml assertion, deal with it and send me back your
AuthenticationStatement", for the SASL interaction it is not more
difficult indeed.
Klaas
|