Subject: Re: [saml-dev] Response Processing
On Thu, Dec 18, 2008 at 3:20 AM, Luh, Torsten <torsten.luh@sap.com> wrote:
>
> I have a question regarding the Response Processing. The profile standard
> contains the sections "<Response> Usage" (4.1.4.2) and "<Response> Message
> Processing Rules" (4.1.4.3).

It would help if you said what specification you are referring to (there are many).

> Obviously, the latter section is only relevant
> for SPs. However, I am wondering what about the former section, is it only
> relevant for the IDP that is issuing the response? As an example, the
> section mentions that "If multiple assertions are included, then each
> assertion's <Subject> element MUST refer to the same principal.". It is
> clear that the IDP must ensure that when issuing the response. But does the
> SP also need to check this?

Is there normative language to that effect? If not, then no, the SP does not need to check it.

> Or does section 4.1.4.3 contain the complete
> processing rules for the SP?

That's always a good question, and quite possibly it's why OASIS now requires that every specification have a conformance section, so that authors make this clear to their readers.

> Another issue that was discussed internally refers to multiple assertions in
> the response (SSO profile). If multiple assertions are present in a
> response, is it sufficient to rely on the first valid assertion or is it
> necessary to ensure that all assertions are valid in order to rely on an
> arbitrary one?

There's nothing preventing the SP from relying on the first of multiple assertions.

Tom
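
Added example, not part of the original message or of any SAML implementation: a sketch of how an SP that chooses to enforce the quoted 4.1.4.2 rule could compare the <Subject> of every assertion in a response. It assumes SAML 2.0 namespaces, plain (unencrypted) <NameID> elements, and that signature validation has already been done elsewhere; the function names and the sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: SAML 2.0 protocol and assertion namespaces.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"


def assertion_principals(response_xml):
    """Return one identity tuple per top-level assertion, or None where
    an assertion carries no <Subject>/<NameID>."""
    root = ET.fromstring(response_xml)
    principals = []
    for assertion in root.findall("saml:Assertion", NS):
        name_id = assertion.find("saml:Subject/saml:NameID", NS)
        if name_id is None:
            principals.append(None)
            continue
        # Compare the qualifiers and format as well as the value, so the
        # same string in two different namespaces is not treated as equal.
        principals.append((
            name_id.get("Format"),
            name_id.get("NameQualifier"),
            name_id.get("SPNameQualifier"),
            (name_id.text or "").strip(),
        ))
    return principals


def same_principal(response_xml):
    """True only if every assertion names a subject and all subjects match."""
    principals = assertion_principals(response_xml)
    if not principals or None in principals:
        return False
    return len(set(principals)) == 1


def build_sample_response(*name_ids):
    """Constructed, unsigned sample input with one assertion per name."""
    assertions = "".join(
        f'<saml:Assertion ID="_a{i}" Version="2.0"><saml:Subject>'
        f'<saml:NameID Format="{FMT}">{n}</saml:NameID>'
        f'</saml:Subject></saml:Assertion>'
        for i, n in enumerate(name_ids)
    )
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" '
            f'xmlns:saml="{NS["saml"]}" ID="_r1" Version="2.0">'
            f'{assertions}</samlp:Response>')
```

An SP that relies only on the first assertion, as the reply allows, would skip this check; one that consumes attributes from several assertions can call same_principal() before merging them.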