OASIS Mailing List Archives
security-services message



Subject: RE: Request for clarification


Not to diffuse the wonderful discussions that are going on, I've seen no
direct response to the email I sent a short while ago.   The message was
critical of the new Element <Evidence> for a variety of reasons -- those of
precise syntax as well as trust.  Perhaps the mailer did not send the
message out?  Could a couple of you please confirm receipt etc. and update
the status both of the Element <Evidence> and the issues attached?  Thanks!

/Michah

From:	Lerner, Michah, ALSVC
Sent:	Thursday, July 26, 2001 12:21 AM
To:	oasis sstc
Subject:	draft-sstc-core-10 sec 1.4.4.2 Element <Evidence>

As with any new element, there are bound to be questions about the
Element <Evidence> defined by section 1.4.4.2 of draft-sstc-core-10 
and core-discussion-00 sections 3.1.1, 4.1.14, and 4.2.3.  Here are
several that may benefit from clarification and discussion. 

1) Is saml:evidence different from saml:advice? Already xtass:evidence 
   shares identical wording with saml:advice, including the missing \)
2) Since an AuthorizationDecisionAssertion is "made subject to the 
   assertions in the Evidence element"
   a) Does the AuthorizationDecisionAssertion certify the textually
      enclosed saml:evidence as valid "jointly and severally", as 
      defined by the Element <Claims>?  If so, what is the purpose 
      of carrying the evidence, and is the evidence unique or complete?
   b) What, if any, are the consistency requirements between multiple
      saml:evidence elements within an AuthorizationDecisionAssertion?
3) Is saml:evidence local to the saml:AuthenticationDecisionAssertion 
   that textually encloses it?  
4) What properties describe the saml:evidence available in a SAMLResponse
   to a SAML protocol AuthorizationQuery, and how does this depend on the
   evidence provided in the query? 

//Michah






