OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: FW: Comments on Bindings and Profiles doc - Draft 06



-----Original Message-----
From: John Hughes [mailto:john.hughes@entegrity.com]
Sent: 19 May 2003 17:56
To: Prateek Mishra; Robert Philpott; Eve Maler
Subject: RE: Comments on Bindings and Profiles doc - Draft 06


Also some comments on the Browser/POST Profile section:

4.1.2.3 Line 685.  This should be https

4.1.2.4. Line 701.  Missing closing bracket on <HTTP-Version

4.1.2.5 Line 753.  Missing <HTTP Version> at the end of the POST header

General - seems strange to the reader that the TARGET value supplied in the
HTML form received back is then not used in the POST.  I think something
should be said on this matter.


John

> -----Original Message-----
> From: John Hughes [mailto:john.hughes@entegrity.com]
> Sent: 19 May 2003 11:19
> To: Prateek Mishra; Robert Philpott; Eve Maler
> Subject: Comments on Bindings and Profiles doc - Draft 06
>
>
> Prateek/Rob/Eve,
>
> its some time since I've looked at this document - but on going
> through the Profiles section I've up with the following comments
> - most of which are minor (which is why I did not sent it to the list).
>
>
> General:
>
> - to the HTTP purist the HTTP examples are wrong.  For instance
> on line 460 it should be:
>
> 	GET <path>?TARGET=<Target> <HTTP-Version>
>
> The HTTP GET header does not include the protocol nor the host name
>
> - Throughout the doc there seems to be spurious "..." - as in
> line 460.  I guess in this case its supposed to represent a
> space.  Whilst in other cases (which is the more accepted norm),
> represents missing headers or components.
>
>
> 4.1.1.4 line 480.  The location field should use the https
> protocol to be consistent with the text on 495-498 and to match line 503.
>
> 4.1.1.4 line 486.  Nothing explains what the "..." mean.  In
> addition how do you delimit the TARGET and SAMLart query
> variables.  Nothing is said.  Its usual to use "&".
>
> 4.1.1.8 line 565. Why have Byte1Byte2 defined.  It is not further
> on.  Would it not be simpler to have defined
> 	TypeCode := 0x0001
>
> 4.1.1.8 line 592.  Nothing is defined about the use or purpose of
> AssertionHandle in this section
>
>
> Hope this helps
>
>
> John
>
>
>
>
>
> ---------------------------------------------
> John Hughes     SVP and CTO
> Entegrity Solutions
> www.entegrity.com   john.hughes@entegrity.com
> Home Office Tel:  +44 (0) 1525 380160
> Mobile:           +44 (0) 7768 055070
> --------------------------------------------

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]