security-services message
Subject: RE: [security-services] draft-sstc-saml-meta-data-01.doc; draft-sstc-schema-meta-data-01.xsd
- From: Jahan Moreh <jmoreh@sigaba.com>
- To: "Mishra, Prateek" <pmishra@netegrity.com>,SAML <security-services@lists.oasis-open.org>
- Date: Tue, 04 Feb 2003 08:55:18 -0800
Prateek -

Thanks for continuing to edit this document. I have embedded some comments in the document. Below I repeat these comments for people who like to read the comments in email text.

Thanks,
Jahan
Section 2.1.1, ProfileID:
I think the schema should allow multiple ProfileID elements for source sites that support more than one profile. I.e., it should not be necessary for a source site that supports multiple profiles to create multiple descriptors.
2.1.2.1.1: <TrustModelType>
Should this allow "extensions" for types that are not enumerated here but could be agreed upon between source and destination?
2.1.2.1.1: <NameAndPassword>
There are security considerations for including hashed passwords in the MetaData. I think we should seek alternatives to this, including not specifying this in the metadata at all.
2.1.2.1.1 and 2.1.3 (<ds:X.509Certificate> and KeyInfo, respectively):
I think these should allow a certificate chain, leading to the root. In fact, it is more important to have the root than it is to have the actual certificate for the source site (SSL will exchange the end-entity certificate).
2.2. <DestinationSiteList>
Have we decided that we are not going to support the notion of the destination site communicating to the source site names of parameters that must be preserved during redirection (i.e., Liberty-like <RelayState>)? I know there have been discussions about extending the browser profiles themselves to communicate this type of data, but I am not convinced that we have resolved this.
----------------
Jahan Moreh
Chief Security Architect
310.286.3070
Attachment:
draft-sstc-saml-meta-data-0JM1.doc
Description: MS-Word document
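The three schema points raised above (several ProfileID elements per descriptor, a certificate chain rather than a lone end-entity certificate in KeyInfo, and a shared secret carried in the metadata) can be checked mechanically. The following lint is an added example, not code from the draft or from this thread; the metadata namespace, the SourceSiteDescriptor wrapper and the HashedPassword child are assumptions since the draft schema is not reproduced here, and the sample document is constructed. Only the XML Signature namespace is the real one.

```python
# Added example: lint a SAML-metadata-like source-site descriptor for the
# review points in the message. Namespace and wrapper/child element names
# are placeholders; the draft's real names are not given in the thread.
import xml.etree.ElementTree as ET

MD = "urn:example:saml-metadata-draft"      # placeholder namespace (assumed)
DS = "http://www.w3.org/2000/09/xmldsig#"   # real XML Signature namespace
NS = {"md": MD, "ds": DS}

# Constructed sample: two profiles, a two-certificate chain, and a secret.
SAMPLE = f"""<md:SourceSiteDescriptor xmlns:md="{MD}" xmlns:ds="{DS}">
  <md:ProfileID>urn:oasis:names:tc:SAML:1.0:profiles:browser-post</md:ProfileID>
  <md:ProfileID>urn:oasis:names:tc:SAML:1.0:profiles:artifact-01</md:ProfileID>
  <ds:KeyInfo>
    <ds:X509Data>
      <ds:X509Certificate>MIIB...end-entity (constructed)</ds:X509Certificate>
      <ds:X509Certificate>MIIB...root (constructed)</ds:X509Certificate>
    </ds:X509Data>
  </ds:KeyInfo>
  <md:NameAndPassword>
    <md:Name>sourcesite</md:Name>
    <md:HashedPassword>5f4dcc3b (constructed)</md:HashedPassword>
  </md:NameAndPassword>
</md:SourceSiteDescriptor>"""


def lint_descriptor(xml_text):
    """Return findings for one descriptor as a dict of plain values."""
    root = ET.fromstring(xml_text)
    profiles = [p.text for p in root.findall("md:ProfileID", NS)]
    certs = root.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    has_secret = root.find("md:NameAndPassword", NS) is not None
    return {
        "profiles": profiles,
        # One descriptor may list several profiles; no per-profile copies.
        "multi_profile": len(profiles) > 1,
        # More than one certificate means a chain is present, not just the
        # end-entity certificate that SSL already exchanges.
        "has_chain": len(certs) > 1,
        # Metadata is meant to be published and copied; a (hashed) password
        # inside it is a distribution risk and should be flagged.
        "secret_in_metadata": has_secret,
    }


if __name__ == "__main__":
    for key, value in lint_descriptor(SAMPLE).items():
        print(f"{key}: {value}")
```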