Shibboleth Developers

[Scott Cantor <>]

> Well, you can't make a Jabber server use its native protocol 
> to make a query and read a response.

Ok, but why do we need to? Why can't it make an out of band SOAP request,
like any other SAML query client?

This isn't about sending the credential, SAML or otherwise, I understand
that would need to be aligned with XMPP. But if you want to make an
attribute query (or even an authz query), why does it need to be XMPP?

> I think that using a 
> XMPP binding for SAML could make sense if it is confined to 
> implement a gateway allowing a Jabber server make authZ 
> decisions by means of the data received inside a XMPP 
> message. The SOAP binding is the only "outer binding", and 
> the Jabber server maintains its only XMPP speaking.

I would call that more of an XMPP profile for carrying SAML. Analagous to
the SAML token profile in WSS, as opposed to the SOAP binding, which is just
the SAML request/response protocol.

-- Scott