Wednesday, March 6, 2013

Federation: Redirect POST vs POST Artifact

I attended an Identity course last week and Federation was covered (of course).

We covered Redirect-POST and POST-Artifact and compared the two.

Well, whenever I need diagrams on Federation, I always go to PingIdentity. Their document is tip-top - my #1! So, here's the link ...

I should say Redirect-POST is the most commonly deployed.

Most activities revolve around redirection via the user's browser. Easily achievable.

When it comes to POST-Artifact, the problem lies in the highlighted red box.

Usually, when different organizations choose Federation for integration, they would most likely prefer to expose as little of their backend identity infrastructure as possible. However, POST-Artifact requires the Federation Servers on the SP side and the IdP side to communicate with each other.
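To show why that server-to-server call is unavoidable, here is an added example (not from the original post or from PingIdentity) that builds and parses a SAML 2.0 type 0x0004 artifact: the browser carries only a 44-byte reference, so the SP has to look up the IdP's resolution endpoint and fetch the assertion itself. The entity ID, the resolution URL and the `TRUSTED_IDPS` table are constructed placeholders.

```python
import base64
import hashlib
import os
import struct

TYPE_CODE = 0x0004   # SAML 2.0 artifact format
ARTIFACT_LEN = 44    # 2 type + 2 endpoint index + 20 SourceID + 20 MessageHandle

def build_artifact(idp_entity_id: str, endpoint_index: int = 0) -> str:
    """IdP side: issue an opaque reference instead of the assertion."""
    # The artifact format defines SourceID as the SHA-1 of the issuer entity ID.
    source_id = hashlib.sha1(idp_entity_id.encode()).digest()
    message_handle = os.urandom(20)  # random key to the stored assertion
    raw = struct.pack(">HH", TYPE_CODE, endpoint_index) + source_id + message_handle
    return base64.b64encode(raw).decode()

def parse_artifact(artifact_b64: str) -> dict:
    """SP side: split the artifact received through the browser."""
    raw = base64.b64decode(artifact_b64, validate=True)
    if len(raw) != ARTIFACT_LEN:
        raise ValueError("type 0x0004 artifact must be 44 bytes")
    type_code, endpoint_index = struct.unpack(">HH", raw[:4])
    if type_code != TYPE_CODE:
        raise ValueError("unsupported artifact type")
    return {
        "endpoint_index": endpoint_index,
        "source_id": raw[4:24],
        "message_handle": raw[24:44],
    }

# Constructed SP-side configuration: SourceID -> IdP artifact resolution URL.
# This is the backend endpoint the IdP must expose to the SP.
IDP_ENTITY_ID = "https://idp.example.com/saml"          # placeholder
TRUSTED_IDPS = {
    hashlib.sha1(IDP_ENTITY_ID.encode()).digest():
        "https://idp.example.com/saml/artifact-resolve",  # placeholder
}

def resolution_endpoint(artifact_b64: str) -> str:
    """Return where the SP must send its back-channel ArtifactResolve."""
    fields = parse_artifact(artifact_b64)
    try:
        return TRUSTED_IDPS[fields["source_id"]]
    except KeyError:
        raise ValueError("artifact issued by an unknown IdP") from None

if __name__ == "__main__":
    artifact = build_artifact(IDP_ENTITY_ID)
    print("browser carries:", artifact)
    print("SP must call   :", resolution_endpoint(artifact))
```

Nothing in the artifact is the assertion itself, which is why the SP cannot finish the login without reaching the IdP's resolution endpoint.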

The adoption rate will definitely be low, as one can easily predict.

