security-services message

Subject: RE: [security-services] A browser/POST question...

From: "Mishra, Prateek" <pmishra@netegrity.com>
To: "'Philpott, Robert '" <rphilpott@rsasecurity.com>, "Mishra, Prateek" <pmishra@netegrity.com>, ''Scott Cantor ' ' <cantor.2@osu.edu>, "'''''Eve L. Maler' ' ' ' '" <eve.maler@sun.com>, "''security-services@lists.oasis-open.org ' '" <security-services@lists.oasis-open.org>
Date: Thu, 1 May 2003 16:16:24 -0400

Scott, Rob:

(1) Thanks for your paitence !
(2) I finally understood the problem (that took a while!)
(3) I have no problem with the following proposed text: 



Does this work?  This one is for bearer, but we can update the
artifact-01
case similarly.  It precludes the case I described in my last message,
but I
really am okay with the semantics described here...
-------------------
Every <saml:SubjectStatement> present in the assertion(s) returned to
the
destination site MUST contain a <saml:SubjectConfirmation> element. The
<saml:ConfirmationMethod> element in the <saml:SubjectConfirmation> MUST
be
set to urn:oasis:names:tc:SAML:1.0:cm:bearer.
-------------------

4) I agree this is kind of goofy overall and probably needs to be revised in
SAML 2.0. For good or bad it was sort of the proposal in 1.0.


- prateek

Follow-Ups:
- Re: [security-services] A browser/POST question...
  - From: "Eve L. Maler" <eve.maler@sun.com>