OASIS Mailing List Archives

security-services message



Subject: [security-services] Action A9: Error handling for SOAP profile


In the bindings-06 draft, lines 788-800 (PDF version), the text specifies
that servers must return a SOAP fault if the processor understands the SAML
header, but decides based on that header not to further process the message.

This requirement is too broad; without knowledge of the semantics of the
message body, we don't know what part the SAML data was intended to play in
the processing. That said, I think we can specify SAML-specific error codes
when the problem is specifically with the SAML data.

I suggest we replace lines 788-800 with:

If the receiving party understands the SAML assertion in the SOAP header,
but considers the assertion invalid, the receiving party SHOULD return a
SOAP message with a <Fault> element as the message body. Reasons why the
receiver may consider the assertion invalid include, but are not limited to:
*	The assertion contains a <Condition> element that the receiver does
not understand.
*	The signature on the assertion is invalid.
*	The receiver does not accept assertions from the issuer of the
assertion in question.

The returned <Fault> element takes the form:

<Fault>
     <Faultcode>Client.SAML</Faultcode>
     <Faultstring>...</Faultstring>
</Fault>

It is recommended that the <Faultstring> element contain an informative
message. This specification does not specify any normative text. Sending
parties MUST NOT rely on specific contents in the <Faultstring> element.

 - irving -
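
An added example, not part of the original message: Python code for both sides of the proposed exchange. The receiver builds the <Fault> body with the Client.SAML fault code, and the sender classifies a returned fault from <Faultcode> alone, never from <Faultstring>. The reason keys and function names are hypothetical, and the unqualified element names follow the proposed text as written in the message.

```python
import xml.etree.ElementTree as ET

SAML_FAULTCODE = "Client.SAML"  # fault code value from the proposed text

# Hypothetical reason keys for the three example reasons in the proposal.
# The strings are informative only; the proposal defines no normative text.
REASONS = {
    "unknown_condition": "Assertion contains a <Condition> the receiver does not understand",
    "bad_signature": "Signature on the assertion is invalid",
    "untrusted_issuer": "Assertions from this issuer are not accepted",
}


def build_saml_fault(reason_key):
    """Receiver side: build the <Fault> body for an assertion judged invalid."""
    fault = ET.Element("Fault")
    ET.SubElement(fault, "Faultcode").text = SAML_FAULTCODE
    ET.SubElement(fault, "Faultstring").text = REASONS.get(
        reason_key, "Assertion rejected"
    )
    return ET.tostring(fault, encoding="unicode")


def is_saml_fault(fault_xml):
    """Sender side: decide from <Faultcode> only; <Faultstring> is for logs."""
    # SOAP messages must not carry a DTD; refusing one before parsing also
    # avoids entity-expansion problems with untrusted responses.
    if "<!DOCTYPE" in fault_xml:
        return False
    try:
        fault = ET.fromstring(fault_xml)
    except ET.ParseError:
        return False
    if fault.tag != "Fault":
        return False
    code = fault.findtext("Faultcode")
    return code is not None and code.strip() == SAML_FAULTCODE
```
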


