[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [security-services] comments on core-25
(1)
613 should read
<SubjectConfirmationData>[Optional]
...
based on schema fragment shown on 621-626.
Redundant lines of schema on lines 629-630 should be deleted.
(2)
996, use of ConfirmationMethod
656, use of AuthenticationMethod
There is some inconsistency here. My understanding
in earlier versions was that the filter was built around
AuthenticationMethod (otherwise why should it be
specific to <AuthenticationQuery>?). My guess is
that line 996 should read:
<AuthenticationMethod>[Optional]
(3)
1516: RFC in URN refers to the RFC for CMS. I am not
sure which RFC is meant here.
(4)
393:
I am puzzled by the maxOccurs="unbounded" attribute for <ds:Signature>.
I would have thought this to have cardinality 0 or 1 (no need for maxOccurs
attribute). A close examination of Section 5.1 (1311)
does not yield any justification for such a cardinality.
(5)
1316:
references sections 3.3.1 and 3.5.1 are incorrect. I think 3.2.1 and 3.4.1
are meant here instead. As in (4) above, I do not understand why we need
multiple signatures.
(6)
1340: Replace 2.1 by 5.1
(7)
formatting issues in lines 1295, 1304
I believe these lines should be indented as they are giving some details
for the bullet above.
(8)
add to line 1298:
The message integrity of assertions must also be guaranteed by use of
appropriate technology.
add to line 1304:
The message integrity of requests and responses must also be guaranteed by
use of appropriate technology.
(9) replace line 1348 by:
SAML processors MUST use enveloped signatures for signing assertions and
protocols. SAML processors SHOULD use RSA signing for public key signatures.
(10) 1317:
Remove informal parenthetical remark from section heading.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC