[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [security-services] Web Post Profile and Conformance
In the bindings document, the Browser Profiles (lines 377-732) the term SSO Assertion is used repeatedly. This is an undefined term as far as I know. Is it supposed to be Authentication Assertion? Apparently, that's what the Conformance folks think, as reflected in the table on line 166 in the conformance document.
I see in the Artifact profile, we are back to "one assertion per artifact" Presumably this allows a Destination site to request an Authentication Assertion and an Attribute Assertion about the same subject.
1. Is this correct?
2. If so, the table in the conformance document should be fixed.
The Post Profile says that multiple Assertions MAY be included. (Although in various places like line 654 it says "an Assertion.")
3. If this is the case, the table in the conformance doc should be adjusted.
4. Given this, I don't see why implementation of the SOAP binding is mandatory, if only this Profile is supported.
When we agreed that the conformance would follow the Binding and Profiles, I thought the terminology would be carried over. Shouldn't compliance with the Browser Profiles be interms of being a Source Site or a Destination Site or both? Shouldn't conformance with the SOAP Profile be in terms of Sender or Receiver or both?
5. The bindings doc, lines 697 & 700 says <saml:Target>. In the core document text, line 492 (and on the mailing list) this is called <TargetRestriction>. However I just noticed that in the schema it is Target, so perhaps this is a core bug rather than a bindings bug.
(More about Target to follow.)
Hal
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC