saml-dev message


Subject: RE: [saml-dev] notBefore/notOnOrAfter unnecessary?


Trevor,

This type of checking is a key part of the web browser profile.
Please review the threat model in the bindings document. Small
changes to security protocols almost always break them.

I will publish later today a list of dos and don'ts that we distilled
out from the rehearsal. I will incorporate these into a new draft of
the interOp document.

- prateek

>>-----Original Message-----
>>From: Trevor Perrin [mailto:Tperrin@sigaba.com]
>>Sent: Wednesday, June 19, 2002 7:47 PM
>>To: saml-dev@lists.oasis-open.org
>>Subject: [saml-dev] notBefore/notOnOrAfter unnecessary?
>>
>>
>>
>>A comment on the validity periods issue:  the Conditions/NotBefore and
>>Conditions/NotOnOrAfter elements are optional in the Assertions and
>>Protocol document.  The Browser/Artifact profile seems to imply they must
>>exist (lines 580-582 and 593-601 in May 31 Bindings and Profiles document),
>>but isn't really clear.
>>
>>We've seen that this validity period causes problems.  Given that the
>>responder is responding in real time, the validity period seems unnecessary
>>for this profile.  I.e., the responder is saying "this assertion is valid
>>right now", so the requester shouldn't need to do a validity period check.
>>
>>So if the committee's still taking comments, perhaps we could suggest that
>>the above lines be removed from the artifact profile, and some text inserted
>>that a validity period isn't necessary here.
>>
>>Trevor
>>
>>  
>>
>>-----Original Message-----
>>From: Don Bowen [mailto:don.bowen@sun.com]
>>Sent: Monday, June 17, 2002 5:36 PM
>>To: saml-dev@lists.oasis-open.org
>>Subject: [saml-dev] Conference call for June 18th
>>
>>
>>Here is the call information (same as last time):
>>
>>date: June 18, 2002 12-1pm EDT (11-12pm CDT / 9-10am PDT)
>>phone number: 888-422-7101
>>participant code: 551215
>>
>>Agenda:
>>
>>- Issues that have come up during the dry runs
>>  - SAML/SAMLP namespace
>>  - NotBefore time issues
>>  - Logout on each portal page
>>  - Requirements for what must be checked - spec
>>interpretation alignment
>>  - Interop between the dry runs?
>>  - Internet testing between now and Catalyst?
>>
>>- Catalyst
>>  - Status of preso about what SAML is and isn't
>>  - Check on marketing / SAML one-pager
>>  - Review press preview plans
>>  - Review/discuss attendee experience
>>  - Do we need internet connectivity? If so, Saturday only
>>or Monday also? We will probably have it.
>>  - Do we need a phone? We will probably get just one, but
>>it will essentially be a house phone only.
>>  - Should we put cell phones into spreadsheet?
>>  - Schedule for Saturday setup
>>
>>Don;
>>
>>----------------------------------------------------------------
>>To subscribe or unsubscribe from this elist use the subscription
>>manager: <http://lists.oasis-open.org/ob/adm.pl>
>>
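
The validity-period check debated in this thread, sketched as an added example (not code from any poster or from the SAML documents). The sample assertion, the `skew` tolerance and the `require_window` policy switch are assumptions made for illustration; signature and other condition checks are out of scope.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

# Constructed sample: a minimal assertion carrying only a Conditions element.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
  <saml:Conditions NotBefore="2002-06-19T19:47:00Z"
                   NotOnOrAfter="2002-06-19T19:52:00Z"/>
</saml:Assertion>"""


def _parse_utc(value):
    """Parse an xsd:dateTime in UTC ('Z' suffix), with or without fractions."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S.%fZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError("unsupported dateTime: %r" % value)


def check_validity(assertion_xml, now, skew=timedelta(0), require_window=True):
    """Return (ok, reason) for the assertion's validity window at time `now`.

    skew: tolerance for clock drift between the two sites (assumed policy knob).
    require_window: reject assertions lacking either bound (assumed policy).
    """
    root = ET.fromstring(assertion_xml)
    # Match on the local name so the check does not depend on the namespace URI.
    cond = next((e for e in root.iter()
                 if e.tag.rsplit("}", 1)[-1] == "Conditions"), None)
    nb = cond.get("NotBefore") if cond is not None else None
    noa = cond.get("NotOnOrAfter") if cond is not None else None
    if require_window and (nb is None or noa is None):
        return False, "missing validity window"
    # NotBefore is inclusive, NotOnOrAfter is exclusive.
    if nb is not None and now + skew < _parse_utc(nb):
        return False, "not yet valid"
    if noa is not None and now - skew >= _parse_utc(noa):
        return False, "expired"
    return True, "valid"
```

With `skew` left at zero, a requester whose clock runs even slightly behind the responder rejects a freshly issued assertion as not yet valid.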

