Subject: Re: Comments on SAML technical overview section 5.1.3

Nathan,

Thanks for your feedback on the technical overview. The document itself is fairly old and probably generally in need of revision. I can respond to your specific suggestions, and feed them into the revision process when a TC member has time to initiate it. Unfortunately, we've got two or three major documents working their way through the TC right now, and several more work items are on the horizon, so I'm not sure when that time would arrive. At such a time, we would intend to push the document through the non-standards-track mechanisms recently established by OASIS, so once initiated, it should go a little faster.

> - Figure 13 title is missing the name of the binding that it is
>   illustrating.
>
> - The explanatory text in section 5.1.3 explains that a HTTP POST
>   binding is being used, but the diagram does not seem to illustrate a
>   HTTP POST. Note that the processing explanation for step 2 says that
>   a form is sent back in a HTTP response, which does not seem to be
>   what the diagram illustrates.

The HTTP POST refers only to the AuthnRequest, so it's step 2 in the diagram which is wrong. It should be a POST operation. The rest of the diagram (binding excluded, of course) appears to be correct.

> - The phrase " ... message in cases where its length precludes the
>   use of the HTTP Redirect binding (which is typical)." does not make
>   it clear whether the HTTP Redirect is "typical", or whether it is
>   typical that the length of the message is such that it precludes the
>   HTTP Redirect.

I think better wording would be "the binding that is most commonly used," or maybe, "where atypically large size precludes"... Such a large AuthnRequest is clearly atypical.

> - The numbering of the steps describing the processing in 5.1.3 is
>   sequenced 1, 2, 1, 3 ... 8. I think that the second '1' is wrong.

Yes, it's extraneous due to poor formatting and should be removed.

> If there is a better way to provide this feedback, please let me know.

The best choice would be to use the security-services-comment@lists.oasis-open.org mailing list. I'll be glad to continue this conversation or handle any other questions/observations you might have there.

http://www.oasis-open.org/committees/comments/index.php?wg_abbrev=security

Thank you very much for the close read and contribution, Nate.