Subject: [security-services] Action A9: Error handling for SOAP profile
In the bindings-06 draft, lines 788-800 (PDF version), the text specifies that servers must return a SOAP fault if the processor understands the SAML header, but decides based on that header not to further process the message. This requirement is too broad; without knowledge of the semantics of the message body, we don't know what part the SAML data was intended to play in the processing.

That said, I think we can specify SAML-specific error codes when the problem is specifically with the SAML data. I suggest we replace lines 788-800 with:

If the receiving party understands the SAML assertion in the SOAP header, but considers the assertion invalid, the receiving party SHOULD return a SOAP message with a <Fault> element as the message body. Reasons why the receiver may consider the assertion invalid include, but are not limited to:

* The assertion contains a <Condition> element that the receiver does not understand.
* The signature on the assertion is invalid.
* The receiver does not accept assertions from the issuer of the assertion in question.

The returned <Fault> element takes the form:

    <Fault>
      <Faultcode>Client.SAML</Faultcode>
      <Faultstring>...</Faultstring>
    </Fault>

It is recommended that the <Faultstring> element contain an informative message. This specification does not specify any normative text. Sending parties MUST NOT rely on specific contents in the <Faultstring> element.

- irving -
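A sender-side handler for the fault proposed in this message, as an added example that is not part of the original message: it branches only on the fault code and hands back the `<Faultstring>` text for logging. The function names, the constructed sample messages, the case-insensitive match on the child element names, and the acceptance of subcodes below `Client.SAML` are assumptions.

```python
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 namespace

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on element names."""
    return tag.rsplit("}", 1)[-1]

def classify_response(xml_text):
    """Return (kind, log_text); kind is 'ok', 'saml-rejected' or 'other-fault'."""
    if "<!DOCTYPE" in xml_text:  # SOAP 1.1 messages must not carry a DTD
        raise ValueError("DTD not allowed in a SOAP message")
    body = ET.fromstring(xml_text).find(f"{{{SOAP_ENV}}}Body")
    if body is None:
        raise ValueError("no SOAP Body")
    fault = next((el for el in body if local(el.tag) == "Fault"), None)
    if fault is None:
        return ("ok", None)
    fields = {local(el.tag).lower(): (el.text or "").strip() for el in fault}
    # Strip an optional QName prefix, then compare dot-separated components so
    # that 'Client.SAMLX' does not match. Accepting deeper subcodes
    # ('Client.SAML.x') is an assumption; the proposal defines none.
    parts = fields.get("faultcode", "").split(":", 1)[-1].split(".")
    kind = "saml-rejected" if parts[:2] == ["Client", "SAML"] else "other-fault"
    # The fault string is returned for logging only; no decision depends on it.
    return (kind, fields.get("faultstring", ""))

def sample(body_xml):
    """Wrap constructed body content in a SOAP 1.1 envelope."""
    return (f'<e:Envelope xmlns:e="{SOAP_ENV}"><e:Body>{body_xml}'
            "</e:Body></e:Envelope>")

def fault(code, string):
    """Build a constructed fault response with the given code and string."""
    return sample(f"<e:Fault><faultcode>{code}</faultcode>"
                  f"<faultstring>{string}</faultstring></e:Fault>")

if __name__ == "__main__":
    for msg in (fault("e:Client.SAML", "signature check failed"),
                fault("e:Client.SAML", "issuer not accepted"),
                fault("e:Server", "backend unavailable"),
                sample("<r:Result xmlns:r='urn:example:constructed'>1</r:Result>")):
        print(classify_response(msg))
```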