[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Comments on Core WD 01 3 Oct 03
Trevor, Just a couple of follow up points. Nick > -----Original Message----- > From: Trevor Perrin [mailto:trevp@trevp.net] > Sent: 13 October 2003 00:01 > To: Nick Pope; OASIS DSS TC > Subject: Re: [dss] Comments on Core WD 01 3 Oct 03 > > > At 10:09 PM 10/12/2003 +0100, Nick Pope wrote: > >Content-Transfer-Encoding: 8bit > > > >I propose the following comments on the Core protocol and > elements document: > > > >Nick > > > >Comments on DSS Core > > > >WD 01 3 Oct 03 > > > >4) 2.2.3 > > > >The input document has two URIs (URI as an element, and RegURI as an > >attribute). What is the relative role of these two URIs? What > if they are > >different? > > RefURI tells the server what to put in the corresponding > ds:Reference's URI > attribute. The <URI> element tells the server where to retrieve the > document. > > RefURI gives the relative position of document wrt signature - > for example, > RefURI may be a same-document reference like "#doc1", whereas > <URI> is just > used as a mechanism to transfer the document from client to server. > I understand this from the protocol mechanism viewpoint. However, I still question the need for both parameters and why they could be different? > >8) 3.4.4 Claimed Identity > > > >This should to structured as proposed in the dss requirements document > >(3.2.2). > > > >· Requestor Name (in a type/value format such as a SAML > NameIdentifier) > >· (Optionally) Information supporting the name (such as a SAML > >Assertion, > >Liberty Alliance Authentication Context, or X.509 Certificate) > > That's for *Requestor Identity*, not necessarily claimed identity. The > information supporting the name (certificate, assertion, etc.), should be > delivered by the underlying binding, I think. So can we get by > with just a > string here? > Using the underlying binding is just one way of providing the authentication. For single sign on / liberty / SAML type of authentication there can be a form of token which is used to support the name. Also, a type identifier for the name would be useful (see SAML NameIdentifier structure). I request that we include the previously agreed structure. Nick
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]