SOA Security

Cantor, Scott cantor.2 at osu.edu
Tue Feb 24 14:47:37 EST 2015


On 2/24/15, 2:44 PM, "Arnal, Pascal" <Pascal.Arnal at lacapitale.com> wrote:

>I don't understand: how does the second SP (service SP) know the user behind 
>the first SP (application SP)?

There are detailed examples in that wiki where the extension is 
documented. A delegated assertion is issued with the user as the subject. 
The intermediary SP is named in the Delegate element in the condition 
included in the assertion for policy purposes.

From the SP point of view, it's all trivial and identical to running any 
other application behind the SP. That's the end that is very clean and 
easy. The complexity, relatively speaking, is with the need for an 
ECP-aware client for service calls.

-- Scott
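
The assertion structure described above, shown as an added example that is not part of the original message and is not Shibboleth code: a service-side policy check that reads the user from the Subject and the intermediary SP from the Delegate element. The sample assertion, entity IDs, and function names are constructed for illustration, and the sketch assumes the SP software has already validated the signature and the other conditions.

```python
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    # Namespace of the SAML V2.0 Condition for Delegation Restriction
    "del": "urn:oasis:names:tc:SAML:2.0:conditions:delegation",
}

# Constructed sample: a delegated assertion trimmed to the parts discussed.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:del="urn:oasis:names:tc:SAML:2.0:conditions:delegation"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject>
  <saml:Conditions>
    <saml:Condition xsi:type="del:DelegationRestrictionType">
      <del:Delegate>
        <saml:NameID>https://app-sp.example.org/shibboleth</saml:NameID>
      </del:Delegate>
    </saml:Condition>
  </saml:Conditions>
</saml:Assertion>"""


def subject_and_delegates(assertion_xml):
    """Return (user, [intermediaries]) from an already-validated assertion."""
    root = ET.fromstring(assertion_xml)
    # The user is the Subject, exactly as in a non-delegated assertion.
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    # Each Delegate names an intermediary acting on the user's behalf.
    delegates = [
        d.findtext("saml:NameID", namespaces=NS)
        for d in root.findall("saml:Conditions/saml:Condition/del:Delegate", NS)
    ]
    return subject, delegates


def authorize(assertion_xml, allowed_delegates):
    """Accept the user only if every named intermediary is on the allow-list."""
    subject, delegates = subject_and_delegates(assertion_xml)
    if not subject:
        raise PermissionError("assertion has no subject")
    for name in delegates:
        if name not in allowed_delegates:
            raise PermissionError(f"delegate not permitted: {name!r}")
    return subject


if __name__ == "__main__":
    print(authorize(SAMPLE, {"https://app-sp.example.org/shibboleth"}))
```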


