[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [security-services] Additional verbiage for Section 3.4.4
Bob Blakley pointed out to me offline that my rewording isn't complete; the responder MUST return a response that MAY contain assertions. In redoing Prateek's first sentence (which, I maintain, didn't quite get this across either because of the MUST-zero combination), I lost something. Here's a revised attempt: "In responding to a request, the responder MUST return a <samlp:Response> element, where the response MAY contain one or more assertions that satisfy the constraints expressed by the query. If the responder cannot identify any assertions that satisfy the constraints, the response MUST contain no assertions and its status code MUST have the value "Success". [In order to avoid implying that this is the only interesting condition, should there be wording here about other conditions that require other error codes?] The response MAY also contain a status message with additional information." If people simply like Prateek's original wording better, though, that's fine. Eve Eve L. Maler wrote: > Mishra, Prateek wrote: > >> A SAML responder MUST return zero or more assertions in a <Response> >> element. > > > > This is a bit weird. It MUST do something, one of the options of which > is doing nothing? Would it make sense rather to get a little more > conceptual? > >> Each assertion MAY contain one or more statements. > > >> If the responder cannot find any assertions that satisfy the >> constraints expressed by the query, >> the <saml:Response>/<saml:StatusCode> MUST have value "Success". >> It MAY also return a <saml:StatusMessage> with additional information. > > > > How about this? > > "The responder is expected to return assertions that satisfy the > constraints expressed by the query. Any assertions returned MUST > contain one or more statements. If no assertions satisfy the > constraints, the response MUST contain no assertions and its status code > MUST have the value "Success". The response MAY also contain a status > message with additional information." -- Eve Maler +1 781 442 3190 Sun Microsystems XML Technology Center eve.maler @ sun.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC