[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: some changes in requirements draft 3
To list some of the changes in the last requirements draft, so people can comment on them: 1. In "3.2.1 Requestor Identity", John Messing added a question: do we want to restrict the methods of identifying a Requestor to only the listed two (string or SAML Assertion as signed attribute), or consider other methods explicitly, or make it extensible to other methods? 2. In "3.3.1 Generic Request Requirements / General", we added text about allowing the client to specify schema/DTD information about which XML elements have ID attributes, since this will sometimes be needed to handle dsig:References that refer to elements by ID attribute. 3. "3.3.4 Authentication" was added. 4. In "3.4.1 Selective Signing", we added the ability for the client to refer to a group of transforms by a single "transform profile" identifier, instead of having to list them individually, per Gregor's request. 5. In "3.4.3 Output Delivery", we added some text about delayed response, where the client asks for a signature and gets a transaction identifier instead, and then has to check back later to pick up the signature. 6. In "3.5.2 Output Delivery", it was changed so the server can't return a response signed document via a URI, but must return it within the protocol. 7. In "3.8.2 Query Requirements / Verification Service", it was changes so the server doesn't need to support queries for which transforms it supports, only for which policies it supports.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]