Subject: RE: [saml-dev] notBefore/notOnOrAfter unnecessary?
Trevor,

This type of checking is a key part of the web browser profile. Please review the threat model in the bindings document. Small changes to security protocols almost always break them.

I will publish later today a list of do's and don'ts that we distilled out from the rehearsal. I will incorporate these into a new draft of the interOp document.

- prateek

>>-----Original Message-----
>>From: Trevor Perrin [mailto:Tperrin@sigaba.com]
>>Sent: Wednesday, June 19, 2002 7:47 PM
>>To: saml-dev@lists.oasis-open.org
>>Subject: [saml-dev] notBefore/notOnOrAfter unnecessary?
>>
>>A comment on the validity periods issue: the Conditions/NotBefore and
>>Conditions/NotOnOrAfter elements are optional in the Assertions and Protocol
>>document. The Browser/Artifact profile seems to imply they must exist
>>(lines 580-582 and 593-601 in May 31 Bindings and Profiles document), but
>>isn't really clear.
>>
>>We've seen that this validity period causes problems. Given that the
>>responder is responding in real time, the validity period seems unnecessary
>>for this profile. I.e., the responder is saying "this assertion is valid
>>right now", so the requester shouldn't need to do a validity period check.
>>
>>So if the committee's still taking comments, perhaps we could suggest that
>>the above lines be removed from the artifact profile, and some text inserted
>>that a validity period isn't necessary here.
>>
>>Trevor
>>
>>-----Original Message-----
>>From: Don Bowen [mailto:don.bowen@sun.com]
>>Sent: Monday, June 17, 2002 5:36 PM
>>To: saml-dev@lists.oasis-open.org
>>Subject: [saml-dev] Conference call for June 18th
>>
>>Here is the call information (same as last time):
>>
>>date: June 18, 2002 12-1pm EDT (11-12pm CDT / 9-10am PDT)
>>phone number: 888-422-7101
>>participant code: 551215
>>
>>Agenda:
>>
>>- Issues that have come up during the dry runs
>>  - SAML/SAMLP namespace
>>  - NotBefore time issues
>>  - Logout on each portal page
>>  - Requirements for what must be checked - spec interpretation alignment
>>  - Interop between the dry runs?
>>  - Internet testing between now and Catalyst?
>>
>>- Catalyst
>>  - Status of preso about what SAML is and isn't
>>  - Check on marketing / SAML one-pager
>>  - Review press preview plans
>>  - Review/discuss attendee experience
>>  - Do we need internet connectivity? If so, Saturday only or Monday also? We will probably have it.
>>  - Do we need a phone? We will probably get just one, but it will essentially be a house phone only.
>>  - Should we put cell phones into spreadsheet?
>>  - Schedule for Saturday setup
>>
>>Don;
>>
>>----------------------------------------------------------------
>>To subscribe or unsubscribe from this elist use the subscription
>>manager: <http://lists.oasis-open.org/ob/adm.pl>
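
The validity-period check debated in this thread, sketched as an added example that is not part of the original messages or of any SAML implementation. `check_validity`, `skew`, `require_window` and the sample assertion are constructed for illustration; the clock-skew allowance assumes the "NotBefore time issues" are clock differences between sites, which the thread does not state.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

# Constructed sample, not taken from the thread. Elements are matched by local
# name so the snippet does not depend on a particular schema namespace.
SAMPLE = """<Assertion xmlns="urn:example:constructed">
  <Conditions NotBefore="2002-06-19T19:45:00Z" NotOnOrAfter="2002-06-19T19:50:00Z"/>
</Assertion>"""

def _parse_utc(value):
    # Accepts only the UTC "Z" form without fractional seconds.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_validity(assertion_xml, now, skew=timedelta(0), require_window=True):
    """Return (ok, reason) for the Conditions validity window at time `now`.

    require_window=True models a profile in which both attributes must exist;
    require_window=False models the base schema, where they are optional.
    """
    root = ET.fromstring(assertion_xml)
    cond = next((e for e in root.iter()
                 if e.tag.rsplit("}", 1)[-1] == "Conditions"), None)
    not_before = cond.get("NotBefore") if cond is not None else None
    not_on_or_after = cond.get("NotOnOrAfter") if cond is not None else None
    if require_window and (not_before is None or not_on_or_after is None):
        return False, "validity window missing"
    try:
        # Skew widens the window on both sides; keep it small, since it also
        # lengthens the time a captured assertion stays usable.
        if not_before is not None and now + skew < _parse_utc(not_before):
            return False, "not yet valid"
        if not_on_or_after is not None and now - skew >= _parse_utc(not_on_or_after):
            return False, "expired"
    except ValueError:
        return False, "malformed timestamp"  # fail closed
    return True, "within validity window"
```

With no window to check, an assertion replayed ten minutes later is indistinguishable from a fresh one, which is the case `require_window=True` rejects.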