OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: No Subject

 

Soooo... since Prateek's response clearly states the expected result and, as
I mentioned, this is consistent with what we state in -core regarding
Query/Request processing, I would really like to clarify the B&P text and
treat it as an editorial/errata change.

 

DOES ANYONE OBJECT to treating it as such with the following replacement
text:

 

"If the source site is able to find or construct the requested assertions,
it responds with a <samlp:Response> message with the requested assertions.
Otherwise, it responds with a <samlp:Response> message with no assertions
and a <samlp:StatusCode> element with the value Success." This would be
consistent with the wording in -core.

 

Rob Philpott 
RSA Security Inc. 
The Most Trusted Name in e-Security 
Tel: 781-515-7115 
Mobile: 617-510-0893 
Fax: 781-515-7020 
mailto:rphilpott@rsasecurity.com <mailto:rphilpott@rsasecurity.com>  

 


------_=_NextPart_001_01C30F63.DD264E80
Content-Type: text/html

<html>

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=US-ASCII">


<meta name=Generator content="Microsoft Word 10 (filtered)">

<style>
<!--
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman";}
a:link, span.MsoHyperlink
	{color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{color:purple;
	text-decoration:underline;}
p
	{margin-right:0in;
	margin-left:0in;
	font-size:12.0pt;
	font-family:"Times New Roman";}
span.EmailStyle17
	{font-family:Arial;
	color:windowtext;}
span.Element
	{font-family:"Courier New";}
span.Keyword
	{font-family:"Courier New";}
@page Section1
	{size:8.5in 11.0in;
	margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
	{page:Section1;}
-->
</style>

</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Hi folks,</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Lines 505-507 (section 4.1.1.6) of the -02 draft B&amp;P Word
document state:</span></font></p>

<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'>&nbsp;</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>"If the source site is able to find or construct the
requested assertions, it responds with a </span></font><span class=Element><font
size=2 face="Courier New"><span style='font-size:10.0pt'>&lt;samlp:Response&gt;</span></font></span><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'> message
with the requested assertions. Otherwise, it returns an appropriate status
code, as defined within the selected SAML binding."</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>This is not really clear and will probably be construed by
the reader to mean either that a SAML error status code should be returned in a
samlp:Response or that a SOAP fault error should be returned (assuming the "selected
SAML binding" is SOAP over HTTPS).&nbsp; I believe that we've all
agreed that the "appropriate" result is to send a samlp:Response
with a status code set to "Success" but that the response contains
no assertions.</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>At least this is consistent with what we state in -core
regarding Query/Request processing.&nbsp; It is also consistent with my
research through the archives since I recalled this being discussed once upon a
time.</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Last February, Dipak Chopra from SAP submitted a lengthy
list of comments/questions to the -comment list on the specs. Hal fwd'ed
the message to the main list.&nbsp; The link for the fwd'ed message is:</span></font></p>

<p class=MsoNormal style='text-indent:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'><a
href="http://lists.oasis-open.org/archives/security-services/200203/msg00026.html">http://lists.oasis-open.org/archives/security-services/200203/msg00026.html</a></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Item 30 in that list was:</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>"</span></font><font size=2><span style='font-size:
10.0pt'>30. Bindings &amp; Profiles Doc. If the assertion is created at the
time of</span></font> <br>
<font size=2><span style='font-size:10.0pt'>artifact creation and the request
for this assertion comes after the</span></font> <br>
<font size=2><span style='font-size:10.0pt'>assertion has expired, will the
source site return the expired assertion or</span></font> <br>
<font size=2><span style='font-size:10.0pt'>an error response or a successful
response with no assertion?&nbsp;</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Prateek responded to a number of the comments/questions on </span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>8-Mar-02</span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'> in message:</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a
href="http://lists.oasis-open.org/archives/security-services/200203/msg00045.html">http://lists.oasis-open.org/archives/security-services/200203/msg00045.html</a></span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>His specific response was:</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>-----------------------------</span></font></p>

<p><font size=2 face="Times New Roman"><span style='font-size:10.0pt'>[Prateek]</span></font></p>

<p><font size=2 face="Times New Roman"><span style='font-size:10.0pt'>Any one
of the following responses is conformant: (1) no assertion is returned with
SUCCESS status code, (2) the expired assertion is returned with SUCCESS status
code.</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>-----------------------------</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>From what I can find in subsequent minutes and email exchanges,
there wasn't much more said about it and there wasn't an action
item to clarify it in B&amp;P.&nbsp; </span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Soooo... since Prateek's response clearly states
the expected result and, as I mentioned, this is consistent with what we state
in -core regarding Query/Request processing, I would really like to clarify
the B&amp;P text and treat it as an editorial/errata change.</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>DOES ANYONE OBJECT to treating it as such with the following
replacement text:</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>"If the source site is able to find or construct the
requested assertions, it responds with a </span></font><span class=Element><font
size=2 face="Courier New"><span style='font-size:10.0pt'>&lt;samlp:Response&gt;</span></font></span><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'> message
with the requested assertions. Otherwise, it responds with a </span></font><span
class=Element><font size=2 face="Courier New"><span style='font-size:10.0pt'>&lt;samlp:Response&gt;
</span></font></span><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>message with no assertions and a </span></font><span
class=Element><font size=2 face="Courier New"><span style='font-size:10.0pt'>&lt;samlp:StatusCode&gt;
</span></font></span><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>element with the value </span></font><span class=Keyword><font
size=2 face="Courier New"><span style='font-size:10.0pt'>Success</span></font></span><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>."
This would be consistent with the wording in -core.</span></font></p>

<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>&nbsp;</span></font></p>

<p><b><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial;
font-weight:bold'>Rob Philpott</span></font></b><font size=2><span
style='font-size:10.0pt'> <br>
</span></font><b><font size=2 color=red face=Arial><span style='font-size:10.0pt;
font-family:Arial;color:red;font-weight:bold'>RSA Security Inc.</span></font></b><font
size=2><span style='font-size:10.0pt'> <br>
</span></font><i><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial;font-style:italic'>The Most Trusted Name in e-Security</span></font></i><font
size=2><span style='font-size:10.0pt'> <br>
</span></font><b><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy;font-weight:bold'>Tel: 781-515-7115</span></font></b><font
size=2 color=navy><span style='font-size:10.0pt;color:navy'> <br>
</span></font><b><font size=2 color=navy face=Arial><span style='font-size:
  10.0pt;font-family:Arial;color:navy;font-weight:bold'>Mobile</span></font></b><b><font
size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:Arial;
color:navy;font-weight:bold'>: 617-510-0893</span></font></b><font size=2
color=navy><span style='font-size:10.0pt;color:navy'> <br>
</span></font><b><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy;font-weight:bold'>Fax: 781-515-7020</span></font></b><font
size=2 color=navy><span style='font-size:10.0pt;color:navy'> <br>
</span></font><font size=2 color=blue face=Arial><span style='font-size:10.0pt;
font-family:Arial;color:blue'><a href="mailto:rphilpott@rsasecurity.com">mailto:rphilpott@rsasecurity.com</a></span></font>
</p>

<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'>&nbsp;</span></font></p>

</div>

</body>

</html>

------_=_NextPart_001_01C30F63.DD264E80--

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]