security-services message


Subject: [security-services] bindings07 section 3.1 comments


Prateek,

Here are my comments on bindings07.
The text message describes edits by the line number of
the original document. The Word document has these edits
applied.

<<bindings07-comments.txt>>
<<draft-sstc-bindings-model-07.doc>>

Simon Godik


Section 2.1

line 116: Example: A SAML HTTP binding describes how ... message exchanges
--are-- mapped ...

I think this line sets up an expectation that an HTTP binding is defined.
Since we do not define an HTTP binding, it's better either to take this sentence
out or to rewrite it as:
"A SAML HTTP binding describes how ... message exchanges --could be--
mapped ..."

Section 3.1

I got confused about the meaning of sender
and receiver as they are used in section 3.1.

Line 253 defines sender as an entity that transmits <samlp:Request>
and receiver as an entity that receives it and returns <samlp:Response>.
Later, in section 3.1.2 when headers are discussed (lines 259-266) saml
sender and saml receiver are used independently of <samlp:Request> and
<samlp:Response>. 

I think what we want to say is that when a party is playing the role of a
sender it may add arbitrary SOAP headers, and when a party is playing the role
of a receiver it must not require any headers for the SOAP message.

We can define a party that is sending <samlp:Request> in a saml conversation
as 'saml requestor' and a party that is sending <samlp:Response> in a saml
conversation as 'saml responder'. Then we can say that both parties play
different roles of sender or receiver depending on the state of saml
conversation. Then we can refer to saml requestor, saml responder,
sender and receiver without ambiguity.

Proposed changes to the text:

lines 253-255: Replace 'sender' with 'saml requestor' and 'receiver' with
'saml responder'.

"A saml requestor transmits a SAML <samlp:Request> within the body of a
SOAP message to a saml responder. The saml responder processes the SAML
request and returns a <samlp:Response> within the body of another SOAP
message."

After that, add another paragraph defining 'sender' and 'receiver':
"During a saml conversation both parties play complementary roles of
saml sender or saml receiver depending on the state of the saml conversation."

line 270: replace 'sender' with 'saml requestor':
"The saml requestor MUST NOT include ..."

line 272: replace 'receiver' with 'responder':
"..., the saml responder MUST return ..."

line 279: replace 'receiver' with 'responder':
"The SAML responder MUST NOT include ..."

line 281: replace 'sender' with 'requestor'.
line 282: replace 'receiver' with 'responder':
"On receiving a SAML response in a SOAP message, the SAML -- requestor--
MUST NOT send a fault code or other error messages to the -- SAML responder--"

line 288: replace 'receiver' with 'SAML responder':
"If a SAML responder cannot, for some reason..."

line 295: replace 'sender' with 'saml requestor' and 'receiver' with 
'saml responder':
"Authentication of both --saml requestor-- and --saml responder-- is 
optional..."

line 321: replace 'receiver' with 'responder':
"a SAML responder MUST NOT include ..."

line 326: replace 'sender' with 'requestor' and 'receiver' with 'responder':
"SAML --requestor-- and SAML --responder-- MUST implement following ..."

Add the following text:
"From the point of view of the SSL protocol, the SAML requestor plays the
role of a client, and the SAML responder plays the role of a server."

line 337: replace 'receiver' with 'responder':
"SAML --responders-- MUST implement message integrity..."

line 349: replace 'receiver' with 'responder' and 'sender' with 'requestor':
"A SAML --responder-- that refuses to perform a SAML message exchange with
the --SAML requestor-- SHOULD return ..."

draft-sstc-bindings-model-07.doc
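The exchange these comments are about (a saml requestor places one <samlp:Request> in a SOAP Body, the saml responder answers with a <samlp:Response> in another SOAP message, and the responder does not depend on any SOAP header being present), written out as an added example that is not part of this e-mail or of the bindings draft. It uses Python's standard-library ElementTree; the SOAP 1.1 envelope and SAML 1.0 protocol namespaces are real, while the header block, the fault text and the placeholder query inside the request are constructed for illustration, and answering a Body that does not hold exactly one samlp:Request with a SOAP Fault is an assumption made here rather than a rule quoted from the draft.

```python
import xml.etree.ElementTree as ET
from typing import Optional

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
SAMLP_NS = "urn:oasis:names:tc:SAML:1.0:protocol"       # SAML 1.0 protocol namespace
ET.register_namespace("SOAP-ENV", SOAP_NS)
ET.register_namespace("samlp", SAMLP_NS)


def _q(ns: str, local: str) -> str:
    """Clark-notation qualified name as ElementTree expects it."""
    return f"{{{ns}}}{local}"


def build_request_envelope(request_id: str, headers: Optional[dict] = None) -> bytes:
    """saml requestor side: wrap one <samlp:Request> in a SOAP Body.

    `headers` is an optional {clark-qname: text} mapping rendered as SOAP header
    blocks. The requestor MAY add such blocks; the responder below never needs them.
    """
    env = ET.Element(_q(SOAP_NS, "Envelope"))
    if headers:
        hdr = ET.SubElement(env, _q(SOAP_NS, "Header"))
        for qname, text in headers.items():
            ET.SubElement(hdr, qname).text = text
    body = ET.SubElement(env, _q(SOAP_NS, "Body"))
    req = ET.SubElement(body, _q(SAMLP_NS, "Request"), RequestID=request_id,
                        MajorVersion="1", MinorVersion="0")
    # Constructed placeholder for the query a real request would carry.
    ET.SubElement(req, _q(SAMLP_NS, "AttributeQuery"))
    return ET.tostring(env, encoding="utf-8")


def _fault(code: str, text: str) -> bytes:
    """SOAP 1.1 Fault in a fresh envelope (responder -> requestor only)."""
    env = ET.Element(_q(SOAP_NS, "Envelope"))
    body = ET.SubElement(env, _q(SOAP_NS, "Body"))
    fault = ET.SubElement(body, _q(SOAP_NS, "Fault"))
    ET.SubElement(fault, "faultcode").text = code
    ET.SubElement(fault, "faultstring").text = text
    return ET.tostring(env, encoding="utf-8")


def responder_handle(envelope: bytes) -> bytes:
    """saml responder side: looks only at the Body, so no header is ever required.

    Returns a SOAP message carrying <samlp:Response>, or a SOAP Fault when the
    request cannot be processed (assumed behaviour, see lead-in).
    """
    try:
        env = ET.fromstring(envelope)
    except ET.ParseError:
        return _fault("SOAP-ENV:Client", "malformed SOAP envelope")
    body = env.find(_q(SOAP_NS, "Body"))
    requests = [] if body is None else body.findall(_q(SAMLP_NS, "Request"))
    if len(requests) != 1:
        return _fault("SOAP-ENV:Client", "expected exactly one samlp:Request in the SOAP Body")
    req = requests[0]
    out = ET.Element(_q(SOAP_NS, "Envelope"))
    out_body = ET.SubElement(out, _q(SOAP_NS, "Body"))
    resp = ET.SubElement(out_body, _q(SAMLP_NS, "Response"),
                         InResponseTo=req.get("RequestID", ""),
                         MajorVersion="1", MinorVersion="0")
    status = ET.SubElement(resp, _q(SAMLP_NS, "Status"))
    ET.SubElement(status, _q(SAMLP_NS, "StatusCode"), Value="samlp:Success")
    return ET.tostring(out, encoding="utf-8")


def requestor_parse_response(envelope: bytes) -> dict:
    """saml requestor side: classify what came back.

    A Fault is reported to the caller locally; the requestor does not answer the
    responder with a fault of its own.
    """
    env = ET.fromstring(envelope)
    body = env.find(_q(SOAP_NS, "Body"))
    fault = body.find(_q(SOAP_NS, "Fault"))
    if fault is not None:
        return {"kind": "fault", "code": fault.findtext("faultcode"),
                "string": fault.findtext("faultstring")}
    resp = body.find(_q(SAMLP_NS, "Response"))
    code = resp.find(_q(SAMLP_NS, "Status") + "/" + _q(SAMLP_NS, "StatusCode"))
    return {"kind": "response", "in_response_to": resp.get("InResponseTo"),
            "status": code.get("Value")}


if __name__ == "__main__":
    # Constructed conversation: the requestor is the sender on the first leg and
    # the receiver on the second; the responder is the reverse.
    wire = build_request_envelope("req-1", {"{urn:example:trace}Trace": "abc"})
    print(requestor_parse_response(responder_handle(wire)))
```

The same party is a sender on one leg and a receiver on the other, which is exactly why the fixed labels requestor/responder are easier to write rules against; note also that `responder_handle` accepts the envelope with the extra header block and the one without it alike.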


