OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

imi message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Created: (IMI-40) Comments from J.Durand

Comments from J.Durand
----------------------

                 Key: IMI-40
                 URL: http://tools.oasis-open.org/issues/browse/IMI-40
             Project: OASIS Identity Metasystem Interoperability (IMI) TC
          Issue Type: Improvement
          Components: Spec
    Affects Versions: SAML 1.1 Profile PR, SAML 2.0 Profile PR
            Reporter: Marc Goodner
            Assignee: Michael Jones
            Priority: Minor


http://lists.oasis-open.org/archives/imi-comment/201006/msg00000.html 

1- Is there any way to notify the behavior of Relying Party w/r to what is accepted / not accepted, e.g. 
"Implementations MAY accept claim types encoded using the convention where..."
How is the implementation supposed to communicate that it does not accept these (any error or warning to be generated?) 
 
2- Reading the conformance clause, it sounds like there are 3 conformance targets, not just 2:
(a) Identity Provider implementation 
(b) Relying Party implementation
(c) assertions
Since the concept of consistent (or conforming) assertion is so important to 
"implementations" (a and b) as these are actually evaluated on their ability to handle such assertions 
shouldn't the conf clause also define what a conforming assertion is and more explicitly refer
to the related normative text (which I feel are not just restricted to section 2.3.3. ?)
 
3- Conformance Clause editorial:
- " A Relying Party implementation conforms to this profile if it can accept assertions consistent with the 
normative text of Section 2.4. " 
Not only I believe: because the assertions it is supposed to accept are also to be consistent with 2.3.3.
Might be resolved by addressing comment #2.
- Given the very concise wording of the conformance clause, it might be helpful to
clarify that being "consistent with the normative text" actually means that the implementation 
only needs to behave consistently with normative statements using MUST / MUST NOT
(as readers might wonder what does it mean to be consistent with a SHOULD statement...).


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]