[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [security-services] RespondWith element processing is underspecified
At f2f#5 we agreed to include the "RespondWith" element. However, no agreement was reached on the semantics of this element as well as its interaction with error conditions. Is this an advisory element (i.e., essentially useless)? If so, why are we including it in the draft? As an alternative it could be a considered a hard requirement; in other words, if a requestor submits a <RespondWith> value of "AuthenticationStatement", then the responder MUST respond with an assertion containing an AuthenticationStatement OR return an error response. Of course, this does not cover the case when multiple assertions are returned (e.g., lookup by assertion id, for example). Does it mean every returned assertion MUST contain a "Authentication Statement"? Additional example of complexity abound. Another example is given in message: http://lists.oasis-open.org/archives/security-services/200201/msg00123.html <http://lists.oasis-open.org/archives/security-services/200201/msg00123.html > We have not discussed these processing rules at all. In their absence, the <RespondWith> element adds additional complexity and confusion to the draft. We should either: (a) remove section 3.2.1.1 and the <RespondWith> element (b) drastically simplify its contents (for example, we can probably give simple processing rules for the schema URI case). (c) provide detailed processing rules for all of the cases. - prateek
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC