[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] Updated: (IMI-28) Requirement forAudienceRestriction when AppliesTo provided may be overly restrictive
[ http://tools.oasis-open.org/issues/browse/IMI-28?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Marc Goodner updated IMI-28:
----------------------------
Component/s: Spec
Fix Version/s: SAML 2.0 Profile PR
Affects Version/s: SAML 2.0 Profile PR
> Requirement for AudienceRestriction when AppliesTo provided may be overly restrictive
> -------------------------------------------------------------------------------------
>
> Key: IMI-28
> URL: http://tools.oasis-open.org/issues/browse/IMI-28
> Project: OASIS Identity Metasystem Interoperability (IMI) TC
> Issue Type: Bug
> Components: Spec
> Affects Versions: SAML 2.0 Profile PR
> Reporter: Michael Jones
> Priority: Minor
> Fix For: SAML 2.0 Profile PR
>
>
> The SAML 2.0 token profile currently says:
> If the request contains a <wsp:AppliesTo> element, then a <saml:AudienceRestriction> containing a <saml:Audience> element MUST be included with the value of that element.
> As part of the review of the draft SAML 1.1 token profile, Arun Nanda commented: "This is overkill IMO. If an IdP is an open IdP that issues 'unscoped' tokens for consumption by any RP, it should not be forced to encode an audience in the issued token just because the request included it. So, may be SHOULD is preferred here..."
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]