OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: [security-services] comments on bindings-model-14


Prateek -- thanks for getting that out. 

Two quick editorial comments..

1. altho the sections are numbered in the TOC, sections are unnumbered in the
document body. A Word problem? Anyone else see this or is it just  me?


2. wrt "Confirmation Method Identifiers" section

It's lacking introduction text. I suggest we leverage the text Hal wrote that
appeared in core-28...

                  ---------------------------------------

<SubjectConfirmationMethod> is a part of the <SubjectConfirmation>, which is
used to allow the Relying Party to confirm that the request or message came
from the System Entity that corresponds to the Subject in the statement. The
<SubjectConfirmationMethod> indicates the method which the Relying Party can
use to do this in the future. This may or may not have any relationship to an
authentication that was performed previously. Unlike the Authentication Method,
the <SubjectConfirmationMethod> will usually be accompanied with some piece of
information, such as a certificate or key, which will allow the Relying Party
to perform the necessary check.

There are many <SubjectConfirmationMethod>, because there are many different
SAML usage scenarios. A few examples are: 

1. A user logs in with a password, but a temporary passcode or cookie is issued
for confirmation purposes to avoid repeated exposure of the long term password.

2. There is no login, but an application request is digitally signed. The
associated public key is used for confirmation.

                  ---------------------------------------

It needs at least a reference to [SAMLCore] in the first sentence, and perhaps
the first example needs redo because we don't have a password confirmation
method at this point. 

I'd change the first "many" in  the second paragraph to "several", and "few" to
"couple" as appropriate. 


JeffH


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC