why is SAML based on browser

Cantor, Scott cantor.2 at osu.edu
Fri Jul 13 15:08:02 EDT 2012


On 7/13/12 3:04 PM, "Yaowen Tu" <yaowen.tu at gmail.com> wrote:
>
>Let me know if this is the correct mail list that I should ask for this
>question.

The OASIS saml-dev list is the appropriate list for SAML questions.

>I am studying SAML and SSO, and it looks like the application that use
>SAML need to be a web application and relying on a browser.

SAML is based on profiles, it's a generic standard. One of the profiles is
for browser SSO.

>My limited knowledge of SAML tells me that SAML relies on session and
>cookie, which is not available in desktop application or mobile app. Is
>that the only reason? Can you give me more details about this?

None of that is anything to do with SAML. It doesn't specify anything
about session management, cookies, or anything like that. That's all out
of scope of the standard.

-- Scott



More information about the users mailing list