Subject: No Subject
Hi folks,

Lines 505-507 (section 4.1.1.6) of the -02 draft B&P Word document state:

"If the source site is able to find or construct the requested assertions, it responds with a <samlp:Response> message with the requested assertions. Otherwise, it returns an appropriate status code, as defined within the selected SAML binding."

This is not really clear and will probably be construed by the reader to mean either that a SAML error status code should be returned in a samlp:Response or that a SOAP fault error should be returned (assuming the "selected SAML binding" is SOAP over HTTPS). I believe that we've all agreed that the "appropriate" result is to send a samlp:Response with a status code set to "Success" but that the response contains no assertions.

At least this is consistent with what we state in -core regarding Query/Request processing. It is also consistent with my research through the archives since I recalled this being discussed once upon a time.

Last February, Dipak Chopra from SAP submitted a lengthy list of comments/questions to the -comment list on the specs. Hal fwd'ed the message to the main list. The link for the fwd'ed message is:

    http://lists.oasis-open.org/archives/security-services/200203/msg00026.html

Item 30 in that list was:

"30. Bindings & Profiles Doc. If the assertion is created at the time of artifact creation and the request for this assertion comes after the assertion has expired, will the source site return the expired assertion or an error response or a successful response with no assertion?"

Prateek responded to a number of the comments/questions on 8-Mar-02 in message:

    http://lists.oasis-open.org/archives/security-services/200203/msg00045.html

His specific response was:

-----------------------------
[Prateek]
Any one of the following responses is conformant: (1) no assertion is returned with SUCCESS status code, (2) the expired assertion is returned with SUCCESS status code.
-----------------------------

From what I can find in subsequent minutes and email exchanges, there wasn't much more said about it and there wasn't an action item to clarify it in B&P.

Soooo... since Prateek's response clearly states the expected result and, as I mentioned, this is consistent with what we state in -core regarding Query/Request processing, I would really like to clarify the B&P text and treat it as an editorial/errata change.

DOES ANYONE OBJECT to treating it as such with the following replacement text:

"If the source site is able to find or construct the requested assertions, it responds with a <samlp:Response> message with the requested assertions. Otherwise, it responds with a <samlp:Response> message with no assertions and a <samlp:StatusCode> element with the value Success."

This would be consistent with the wording in -core.

Rob Philpott
RSA Security Inc.
The Most Trusted Name in e-Security
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020
mailto:rphilpott@rsasecurity.com
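
How a destination site can handle the outcomes discussed in this message, as an added example that is not part of the original message or of the SAML specifications: a Success status with no assertions is not an authenticated result, and because a source site may return an expired assertion with Success, the receiver checks NotOnOrAfter itself. The function names, outcome labels, fail-closed handling of a missing NotOnOrAfter and the sample messages are assumptions constructed for illustration; signature verification and hardened XML parsing are omitted.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {  # SAML 1.x namespaces
    "samlp": "urn:oasis:names:tc:SAML:1.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
}

def build_response(status, not_on_or_after=None):
    """Constructed sample message, trimmed to the elements the check reads."""
    assertion = ""
    if not_on_or_after:
        assertion = ('<saml:Assertion xmlns:saml="%s"><saml:Conditions '
                     'NotOnOrAfter="%s"/></saml:Assertion>'
                     % (NS["saml"], not_on_or_after))
    return ('<samlp:Response xmlns:samlp="%s"><samlp:Status>'
            '<samlp:StatusCode Value="samlp:%s"/></samlp:Status>%s'
            '</samlp:Response>' % (NS["samlp"], status, assertion))

def classify_response(xml_text, now):
    """Return 'accept', 'no-assertion', 'rejected' or 'error'."""
    root = ET.fromstring(xml_text)
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    value = code.get("Value", "") if code is not None else ""
    # Value is a QName; this sketch compares only its local part.
    if value.split(":")[-1] != "Success":
        return "error"
    assertions = root.findall("saml:Assertion", NS)
    if not assertions:
        # Success with no assertions: nothing was found, so no subject is authenticated.
        return "no-assertion"
    for assertion in assertions:
        cond = assertion.find("saml:Conditions", NS)
        limit = cond.get("NotOnOrAfter") if cond is not None else None
        if limit is None:
            return "rejected"  # assumption: fail closed without a validity bound
        expiry = datetime.strptime(limit, "%Y-%m-%dT%H:%M:%SZ")
        if now >= expiry.replace(tzinfo=timezone.utc):
            return "rejected"  # expired assertion delivered with Success
    return "accept"

NOW = datetime(2003, 5, 1, 12, 0, tzinfo=timezone.utc)  # constructed clock

if __name__ == "__main__":
    for label, msg in [
        ("valid", build_response("Success", "2003-05-01T12:05:00Z")),
        ("empty", build_response("Success")),
        ("expired", build_response("Success", "2003-05-01T11:55:00Z")),
        ("failure", build_response("Requester")),
    ]:
        print(label, "->", classify_response(msg, NOW))
```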