> From: Robert Yates [mailto:[EMAIL PROTECTED] > Jeff Hodges wrote: > > > Robert Yates wrote: > > > SAML can only do Web Services > > > > Incorrect -- and where did that notion come from? > > > > The web browser SSO profile of SAML [1], employing either the SAML > > HTTP Redirect Binding or the HTTP POST Binding [2], are essentially > > RESTful, AFAIU. > > agreed, but i think you may be quoting me out of context :). > What I'm trying to state is that SAML cannot be used with > non-browser REST based web services such as the atom > publishing protocol.
I don't know why that would be the case. I wrote the first draft of what became the SAML assertion infrastructure before Microsoft wrote the first draft of SOAP. WS-* is certainly tied down to the Web Services framework. That is a different design decision that has advanatges and disadvantages. WS-* is architected as an active transport layer protocol, SAML is architected as static data. The advantage of the static mode is precisely that you are not tied to transport unless you want to be. REST is just a protocol architecture style. Fielding has a different architectural style to Fristyk-Neilsen or Hallam-Baker. I don't see why the idea of giving his style an acronym makes it more valid than any other or creates an incompatibility. He sees an adantage to keeping to one consistent style that he adopted in 1995 or so. Folk who care about these things can probably see quite a lot of change in my style over the years. There is a case to be made for both approaches.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dix mailing list [email protected] https://www1.ietf.org/mailman/listinfo/dix
