[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [security-services] Comments on bindings-13
Rats - missed a couple of comments...
Line 545: says that "authentication statements" may be distributed across assertions. Shouldn't this say "Assertion statements" since an assertion can contain any of the assertion statement types?
Also... regarding my suggestion to rename the "assertion consumer" to "artifact consumer" in the Browser/Artifact profile. Lines 395-405 of section 4.1 also refer to the "assertion consumer" service for both profiles. Here, it is referring to an assertion consumer in the general sense, independent of how the assertion eventually arrives at the destination. I'm fine with this, but folks were confused when the artifact was sent to the "assertion consumer URL". Perhaps we could refer to the service in the general sense as the "assertion consumer service" or the "SAML consumer service" and then:
Rob Philpott RSA Security Inc. The Most Trusted Name in e-Security Tel: 781-515-7115 Mobile: 617-510-0893 Fax: 781-515-7020
-----Original Message-----
These comments are from an expanded internal review here at RSA. Sorry I couldn't get these late last week.
"Posting the form can be triggered by various means. For example, a "submit" button could be included in the HTML FORM described in Step 2 by including the following line: <INPUT TYPE="Submit" NAME="button" Value="Submit"> This requires the user to click the Submit button in order for the POST request to be sent. Alternatively, Javascript can be used to avoid the user interaction:" [include the javascript from lines 767-775]
Rob Philpott RSA Security Inc. The Most Trusted Name in e-Security Tel: 781-515-7115 Mobile: 617-510-0893 Fax: 781-515-7020 mailto:rphilpott@rsasecurity.com
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC