security-services-comment message


Subject: Public Review comments for OASIS SAML V2.0 Change Notify Protocol v1.0


http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml2-notify-protocol/v1.0/csprd01/sstc-saml2-notify-protocol-v1.0-csprd01.html

Note these comments are being made as an individual TAB member and do not necessarily represent the views of the TAB as a whole.

1. Line numbers would greatly help in making review comments!

2. 1.1 Notation. "When these words are not capitalized, they are meant in their natural-language sense." This is in violation of RFC2119, which permits upper and lower case. Replace lower case keywords with non-RFC2119 language, e.g. "must" into "can". Also, sometimes the word SHALL is used instead of MUST. OASIS guidelines suggest only using MUST (http://docs.oasis-open.org/templates/TCHandbook/ConformanceGuidelines.html#_Toc170119662).

3. Section 2.1 required information. It is unclear to me what these headers are and what they mean. If this template is defined somewhere please add a brief description and/or a reference here.

4. 2.2 Description. Consistency in bolding and terms is required. Sometimes Notify Issuer and Notify Target are in bold, and sometimes the "Notify" is in normal type or missed out completely. I suggest being consistent throughout this document for all occurrences.

5. 2.2 Description, 2nd para. "However, except for just-in-time SSO provisioning, except for the SAML Name Identifier Management Protocol [SAML2Core]," This needs re-phrasing as there are two "excepts" here.

6. 2.2 Description, 2nd para, last sentence. Is this RFC2119 MAY intentional? It seems out of place to me, i.e. it does not add any normative requirement to any conformance target.

7. 2.9 "The responding Notify Target of the ...", 3rd bullet: lower case the BE (SHALL be, not SHALL BE).

8. 4.1 Same comment as point 3 above.

9. The appendices need to be marked as such; currently they look like normal sections.

10. Appendix 1, Use Cases. There are a couple of RFC2119 keywords here that seem inappropriate for a use case section (2nd item of each use case). Please rephrase without using MUST, e.g. "has to acknowledge".


Martin Chapman
Standards Professional

Mobile: +353 87 687 6654

ORACLE Ireland


