[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] saml-tech-overview-1.1-draft-01 feedback
Frederick, many thanks for the comments. Given its "high visibility" - I believe its important to get a new version out ASAP. So if any one else has comments/suggestions - please let me know by the end of this week and I will publish a new version early next week. John > -----Original Message----- > From: Frederick.Hirsch@nokia.com [mailto:Frederick.Hirsch@nokia.com] > Sent: 03 March 2004 13:29 > To: security-services@lists.oasis-open.org > Subject: [security-services] saml-tech-overview-1.1-draft-01 feedback > > > I have some suggestions for the SAML Technical Overview draft 01. > > This is an excellent and well-written document. > > Line 149 - This may read as if it says that the SAML response > contains header information in the SOAP body, rather than SOAP > header - might be confusing. Would it be correct to state > > "The SAML response contains SAML status information in addition > to one or more assertions." > > Line 231 - I think relying party and asserting party are switched > in this sentence? Should it be: > "Just providing assertions from an asserting party to a relying > party may not be not be adequate for a secure system." > > Line 283 > It might be useful (or maybe not) to add a sentence after line > 282 to define what an Intersite Transfer Service is: > > "In this example, the local web site includes a component called > an Inter-site Transfer Service. This is an addressable component > that provides a point of functionality for SAML processing such > as artifact and redirect generation." > > Line 283 > Might be helpful to label remote site "xyz" and local site "abc" > in picture. Should probably rename "Artifact Consumer" to > "Artifact Receiver" to match text. > > Line 299 > If #7 is removed for the URL then the later numbers will match > the picture. > > Line 320 > "An access check is then performed to establish..." > > Line 381 > "The user browser will cause an HTTP POST containing the SAML response .." > > regards, Frederick > > Frederick Hirsch > Nokia > > > > To unsubscribe from this mailing list (and be removed from the > roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/security-services/members/leave _workgroup.php.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]