OASIS Mailing List Archives

security-services-comment message

Subject: RE: [security-services-comment] The cookie spec is now RFC 6265


Sorry for the slow response. 

The suggested change to Security Considerations has been made and all references to RFC 2965 have been changed to RFC 6265. The changes have been made in WD08. 

http://www.oasis-open.org/committees/download.php/43042/saml-session-token-v1.0-wd08.odt

It should shortly be available for 15-day public review as CSD03.

Hal

> -----Original Message-----
> From: Thomas Fossati [mailto:tho@koanlogic.com]
> Sent: Saturday, July 09, 2011 1:49 AM
> To: security-services-comment@lists.oasis-open.org
> Subject: [security-services-comment] The cookie spec is now RFC 6265
> 
> 
> Section 9 contains a wrong claim:
> 
> "[...] HttpOnly attribute to the cookie. While this has not 
> yet been standardized  by the IETF yet, [...]"
> 
> In fact 6265 is a "Standards Track" RFC, which specifies 
> usage of the HttpOnly attribute, see:
>     http://tools.ietf.org/html/rfc6265#section-5.2.6
> 
> -=-=-
> 
> All references to RFC 2965 should be updated to RFC 6265.
> 
> -=-=-
> 
> Please note that the "Session Token Profile" is quite similar 
> in scope to:
>     http://tools.ietf.org/html/draft-secure-cookie-session-protocol
> 
> -=-=-