It could go in the HTTP Authorization field using a new scheme to be defined.
There seem to be several people interested in enhancing HTTP to allow data like this to be provided for REST-style interactions. This has parallels with putting data in SOAP headers rather than in the content of the message.
Terry
-----Original Message-----
From: Robert Yates <[EMAIL PROTECTED]>
To: Digital Identity Exchange <[email protected]>
Sent: Wed, 22 Mar 2006 16:39:42 -0500
Subject: SAML and REST - was Re: [dix] DIX use cases
so I admit that I am confused and probably out of my depth, and I know better than to argue with the initial spec author that it can't be done.
but I simply don't understand what it means to use SAML with something like atompub http://www.ietf.org/internet-drafts/draft-ietf-atompub-protocol-08.txt or any of the plethora of so-called REST based web services.
Here is an ATOM post.
POST /myblog/entries HTTP/1.1
Host: example.org
User-Agent: Thingio/1.0
Content-Type: application/atom+xml
Content-Length: nnn
<entry xmlns="http://www.w3.org/2005/Atom">
<title>Atom-Powered Robots Run Amok</title>
<id>urn:uuid:1225c695-cfb8-4ebb-aaaa-80da344efa6a</id>
<updated>2003-12-13T18:30:02Z</updated>
<content>Some text.</content>
</entry>
Where does the SAML go? I apologize for my lack of understanding here.
Rob
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
_______________________________________________ dix mailing list [email protected] https://www1.ietf.org/mailman/listinfo/dix
