OASIS Mailing List Archives

security-services message



Subject: Comments on V1.1 Spec


Hello,

Here are my comments (mainly editorial) on V1.1 Spec.
Please check them.

<core>
- line [468]
  "MUST not" should be "MUST NOT" ?
- line [553]
  "MUST not" should be "MUST NOT" ?

- about <DoNotCacheCondition> element
  The processing rules of the sub-elements and attributes of a
  <Conditions> element are described at line 485-492.
  To make it possible for the relying party to follow these rules, each
  <Condition> element (extension of ConditionAbstractType) should have
  a clear definition of when it evaluates to Valid.
  Current description in 2.3.2.1.4 mentions nothing about its validity.

  # I wonder if it is suitable to define <DoNotCacheCondition> as a
  # sub-element of a <Conditions>. (It is like Obligation in XACML.)


<binding>
- Examples for POST profile should use "https" instead of "http" (at
  line [685], [753]) as is the case with examples for Artifact
  profile (at line [460], [503]).
  Line [480] (Artifact profile) also uses "http".

- Action attribute for FORM element specifies the action URI for the
  form.
  So, I think the protocol part such as "https://" should be specified
  at line [707], [743].

- Similarly, Recipient attribute has type "anyURI". Its value should
  be set to https://<assertion consumer host name and path> at line
  [762], [816].

<conformance>
- line [346]
  "AuthenticationResponse" should be "authentication response"
- line [355]
  "returned authentication query" should be "received authentication query"
- line [371]
  "AttributeResponse" should be "attribute response"
- line [392],[394]
  "authentication assertion" should be "authorization decision assertion"
- line [393]
  "AuthenticationQuery" should be "AuthorizationDecisionQuery"
- line [397]
  "AuthorizationQuery" should be "AuthorizationDecisionQuery"
  "AuthorizationResponse" should be "authorization decision response"
- line [409]
  "AuthorizationQuery" should be "AuthorizationDecisionQuery"
- line [424]
  "Authentication Assertion" should be "SSO Assertion"
  <Note> Headings for 4.2.3 and 4.2.4 use "SSO assertion".
- line [428],[429]
  "authentication assertion" should be "SSO assertion"
- line [431]
  "Authorization decision assertion" should be "SSO assertion"
- line [432]
  "AuthorizationQuery" should be ?????
  <Note> At line [441], the phrase "authentication query containing
        the artifact" is used. 
        Can we describe "request by AssertionArtifact" as
        "authentication query"?
- line [433]
  "AuthorizationResponse" should be ?????
- line [438]
  "Authentication Assertion" should be "SSO Assertion"
- line [443]
  "authentication assertion" should be "SSO assertion"
- line [444]
  "AuthorizationQuery" should be "Authentication query containing the artifact"??
- line [453]
  "Authentication assertion" should be "SSO assertion"
- line [464]
  "authentication assertion" should be "SSO assertion"

---
Toshi

NISHIMURA Toshihiro (FAMILY Given)
nishimura.toshi@jp.fujitsu.com
XML Application Technology Dept., PROJECT-A XML, FUJITSU LIMITED

