> No sorry, what I meant to say is that at the client it is easier to do
> "please open a browser with the following url" as opposed to "here is a
> saml assertion, deal with it and send me back your
> AuthenticationStatement", for the SASL interaction it is not more
> difficult indeed.
That isn't how ECP works. Enhanced clients deal in SOAP envelopes, not SAML
messages. They certainly don't parse or manipulate assertions.
I have everything written up but the examples and security considerations at
this point, so I should have a draft submitted by tomorrow.
-- Scott
|