RE: SAML and REST - was Re: [dix] DIX use cases

To: "Digital Identity Exchange" <dix at ietf.org>

Subject: RE: SAML and REST - was Re: [dix] DIX use cases

From: "Hallam-Baker, Phillip" <pbaker at verisign.com>

Date: Wed, 22 Mar 2006 20:27:06 -0800

List-archive: <http://www1.ietf.org/pipermail/dix>

List-help: <mailto:dix-request@ietf.org?subject=help>

List-id: Digital Identity Exchange <dix.ietf.org>

List-post: <mailto:dix@ietf.org>

List-subscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=subscribe>

List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=unsubscribe>

Reply-to: Digital Identity Exchange <dix at ietf.org>

Thread-index: AcZOGcCpmPOyUmzdQB6rX4/cBI9oYQAF9Lzg

Thread-topic: SAML and REST - was Re: [dix] DIX use cases

Lets forget about REST and concentrate on the BEST place.

The HTTP-Authorization field is the right place (and no I did not choose that tag name and I objected at the time, they snuck it in along with BASIC while I was suffering from food poisoning). I am responsible for the imaginative spelling of Referer though.

From: thayes0993 at aol.com [mailto:thayes0993 at aol.com]
Sent: Wednesday, March 22, 2006 7:33 PM
To: dix at ietf.org
Subject: Re: SAML and REST - was Re: [dix] DIX use cases

It could go in the HTTP Authorization field using a new scheme to be defined.

There seem to be several people interested in enhancing HTTP to allow data like this to be provided for REST-style interactions. This has parallels with putting data in SOAP headers rather than in the content of the message.

Terry

-----Original Message-----
From: Robert Yates <robyates70 at gmail.com>
To: Digital Identity Exchange <dix at ietf.org>
Sent: Wed, 22 Mar 2006 16:39:42 -0500
Subject: SAML and REST - was Re: [dix] DIX use cases

so I admit that I am confused and probably out of my depth, and I know better than to argue with the initial spec author that it can't be done.

but I simply don't understand what it means to use SAML with something like atompub http://www.ietf.org/internet-drafts/draft-ietf-atompub-protocol-08.txt or any of the plethora of so-called REST based web services.

Here is an ATOM post.

POST /myblog/entries HTTP/1.1
Host: example.org
User-Agent: Thingio/1.0
Content-Type: application/atom+xml
Content-Length: nnn

<entry xmlns="http://www.w3.org/2005/Atom">
<title>Atom-Powered Ro bots Run Amok</title>
<id>urn:uuid:1225c695-cfb8-4ebb-aaaa-80da344efa6a</id>
<updated>2003-12-13T18:30:02Z</updated>
<content>Some text.</content>
</entry>

Where does the SAML go? I apologize for my lack of understanding here.

Rob

_______________________________________________
dix mailing list
dix at ietf.org
https://www1.ietf.org/mailman/listinfo/dix

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________ dix mailing list dix at ietf.org https://www1.ietf.org/mailman/listinfo/dix

RE: SAML and REST - was Re: [dix] DIX use cases

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.