Shibboleth Developers

["Scott Cantor" <>]

> > [line 135] "SSO exchange" ... is that a common phrase from SAML? it's
> > used just once in this document, so i wonder if there isn't a 
> > more common way of expressing the same thing; on the other hand, it's
> > analogous to "attribute exchange", which is used several times (e.g., 
> lines 681-682).
> 
> Hmm, I'm not sure.  I'll leave this as is for now and let 
> others comment.

Well, in SAML2, the phrase "protocol exchange" gets used a lot. I guess
"profile exchange" might work here as well.

> Good eye!  Actually, this can be GET or POST depending on the WAYF
> implementation.  For example, the InQueue WAYF uses GET although I
> don't believe this is generally true.  Does anybody know why InQueue
> uses GET?

Mostly because it's HTTP-kosher (the side effects are idempotent) and if the
flow is GET, dealing with back button hijinks is easier, if somebody chooses
to implement something along those lines. No need for POST, so it just
doesn't use it. The real answer is probably "just 'cause".

Doc-wise, I'd characterize the step as "unspecified HTTP interaction(s)". It
could be many POSTs or GETS.

-- Scott